Windows Analysis Report
EMfRi659Ir.exe

Overview

General Information

Sample name: EMfRi659Ir.exe (renamed because the original name is a hash value)
Original sample name: cd9660e42868082ea20472ecd6a22ae9573053af7c1de8daaa5f4f75c99c41b6.exe
Analysis ID: 1586713
MD5: 1d193430d800a1c0e6864567543c47bb
SHA1: ab5c3eb3dab9f89a2f8876a9e3ca0a75384f4eab
SHA256: cd9660e42868082ea20472ecd6a22ae9573053af7c1de8daaa5f4f75c99c41b6
Tags: exe, user-crep1x

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Detected potential crypto function
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • EMfRi659Ir.exe (PID: 7992 cmdline: "C:\Users\user\Desktop\EMfRi659Ir.exe" MD5: 1D193430D800A1C0E6864567543C47BB)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: EMfRi659Ir.exe | ReversingLabs: Detection: 57%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.5% probability
Source: EMfRi659Ir.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: ntdll.pdb source: EMfRi659Ir.exe, 00000002.00000002.1610782310.000001B2E6F33000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612616660.000001B2E8337000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613085089.000001B2E873D000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612261907.000001B2E7F34000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609894510.000001B2E653F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609289526.000001B2E5F37000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612430504.000001B2E8139000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613802216.000001B2E8F3E000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611332417.000001B2E7530000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610979280.000001B2E713A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611896797.000001B2E7B3F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1614602051.000001B2E9538000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1614058305.000001B2E913F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611149650.000001B2E733A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613455506.000001B2E8B37000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609542464.000001B2E6135000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1614307148.000001B2E933D000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613624050.000001B2E8D35000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 
00000002.00000002.1611721174.000001B2E7934000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610075533.000001B2E6737000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611509177.000001B2E773B000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609709581.000001B2E633F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610261446.000001B2E6932000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613284338.000001B2E8930000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610441918.000001B2E6B3D000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610623307.000001B2E6D31000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612073823.000001B2E7D34000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612801561.000001B2E853A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: EMfRi659Ir.exe, 00000002.00000002.1610782310.000001B2E6F33000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612616660.000001B2E8337000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613085089.000001B2E873D000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612261907.000001B2E7F34000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609894510.000001B2E653F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609289526.000001B2E5F37000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612430504.000001B2E8139000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613802216.000001B2E8F3E000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611332417.000001B2E7530000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610979280.000001B2E713A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611896797.000001B2E7B3F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1614602051.000001B2E9538000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1614058305.000001B2E913F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611149650.000001B2E733A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613455506.000001B2E8B37000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609542464.000001B2E6135000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1614307148.000001B2E933D000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613624050.000001B2E8D35000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 
00000002.00000002.1611721174.000001B2E7934000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610075533.000001B2E6737000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611509177.000001B2E773B000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609709581.000001B2E633F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610261446.000001B2E6932000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613284338.000001B2E8930000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610441918.000001B2E6B3D000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610623307.000001B2E6D31000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612073823.000001B2E7D34000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612801561.000001B2E853A000.00000004.00000020.00020000.00000000.sdmp
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: tataragirld.site
Source: EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/
Source: EMfRi659Ir.exe, 00000002.00000002.1608884799.000001B2E4357000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/#
Source: EMfRi659Ir.exe, 00000002.00000003.1604753376.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1603226104.000001B2E439F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1600479017.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/&E
Source: EMfRi659Ir.exe, 00000002.00000002.1609070610.000001B2E439B000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E439B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/2E
Source: EMfRi659Ir.exe, 00000002.00000003.1604870904.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606168907.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592400745.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/FE-L.
Source: EMfRi659Ir.exe, 00000002.00000003.1604870904.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606168907.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/JE
Source: EMfRi659Ir.exe, 00000002.00000003.1592400745.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/VE=L
Source: EMfRi659Ir.exe, 00000002.00000003.1589707781.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591034789.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/ZE1L
Source: EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1589707781.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591034789.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592400745.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/jE
Source: EMfRi659Ir.exe, 00000002.00000002.1609151257.000001B2E4430000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/sagesse_renaldo00.html
Source: EMfRi659Ir.exe, 00000002.00000002.1609151257.000001B2E4430000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/sagesse_renaldo00.html)
Source: EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607703476.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1608884799.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E439B000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1587932850.000001B2E439F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/sagesse_renaldo00.html?tdfgozllgbxxyj=yhIP6D%2BNM98rEr1pqaSoG1KWw5J7mExVtIz
Source: EMfRi659Ir.exe, 00000002.00000002.1609151257.000001B2E4430000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/sagesse_renaldo00.htmlM
Source: EMfRi659Ir.exe, 00000002.00000002.1609151257.000001B2E4430000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site/sagesse_renaldo00.htmle
Source: EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606168907.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604870904.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607703476.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1600479017.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604753376.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1603226104.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609070610.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site:443
Source: EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607703476.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609070610.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site:443:
Source: EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1600479017.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604753376.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1603226104.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site:443IN
Source: EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606168907.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604870904.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607703476.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604753376.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1603226104.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609070610.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site:443d
Source: EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592400745.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tataragirld.site:443vM
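The network evidence above reduces to one host, tataragirld.site (also seen as a live DNS query during the run), and one path, /sagesse_renaldo00.html, carrying an opaque URL-encoded query value. The other URL variants (/&E, /2E, /jE, :443IN, :443vM and so on) are best read as the same string followed by whatever heap bytes sat after it when memory was scanned, not as distinct endpoints. The following Python is an added example, not part of the Joe Sandbox report, showing how a detection engineer would turn that into a check over DNS logs: the IOC domain is matched on exact name or subdomain after normalising case and the trailing dot (a plain substring test would also fire on nottataragirld.site), and queries sent straight to a resolver outside the organisation's own are flagged separately, which is what the report's "UDP to 1.1.1.1 without corresponding DNS query" line describes (a hard-coded public resolver, reached without going through the system's configured one). The log lines, the internal resolver address 10.0.0.53 and the trimmed eight-column Zeek dns.log layout are all constructed for the example.

```python
import ipaddress

# Network IOCs from the report above: the queried domain, which is also the host in every
# URL string recovered from memory.
IOC_DOMAINS = {"tataragirld.site"}
# Resolvers the organisation expects clients to use. Constructed value, not from the report.
INTERNAL_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}


def normalise(name):
    """Lower-case and drop the trailing dot so 'TataraGirld.SITE.' compares equal."""
    return name.strip().lower().rstrip(".")


def domain_matches(query, iocs):
    """True for the IOC itself or any subdomain of it. A substring test ('tataragirld.site'
    in query) would also fire on nottataragirld.site; the leading-dot check avoids that."""
    q = normalise(query)
    return any(q == d or q.endswith("." + d) for d in map(normalise, iocs))


def parse_zeek_dns(line):
    """Minimal reader for a trimmed Zeek dns.log (TSV) with just the columns used here."""
    f = line.rstrip("\n").split("\t")
    return {"ts": f[0], "src": f[2], "dst": f[4], "dport": int(f[5]), "proto": f[6], "query": f[7]}


def triage_dns(lines, iocs=IOC_DOMAINS, resolvers=INTERNAL_RESOLVERS):
    """Return (ioc_hits, off_resolver): records whose query matches an IOC domain, and records
    sent to a DNS server other than the internal resolvers. Queries that go straight to a
    public resolver bypass internal DNS logging and sinkholes, so they are worth their own
    alert even when the name itself is not (yet) a known IOC."""
    ioc_hits, off_resolver = [], []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse_zeek_dns(line)
        if domain_matches(rec["query"], iocs):
            ioc_hits.append(rec)
        if rec["dport"] == 53 and ipaddress.ip_address(rec["dst"]) not in resolvers:
            off_resolver.append(rec)
    return ioc_hits, off_resolver


# Constructed log lines, not traffic from the sandbox run.
SAMPLE_DNS_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery
1736291000.1\tC1\t10.0.0.25\t51000\t10.0.0.53\t53\tudp\tupdate.example.com
1736291001.2\tC2\t10.0.0.25\t51001\t1.1.1.1\t53\tudp\tTataraGirld.SITE.
1736291002.3\tC3\t10.0.0.31\t51002\t10.0.0.53\t53\tudp\tnottataragirld.site
1736291003.4\tC4\t10.0.0.31\t51003\t10.0.0.53\t53\tudp\tcdn.tataragirld.site
""".splitlines()

if __name__ == "__main__":
    hits, off = triage_dns(SAMPLE_DNS_LOG)
    for r in hits:
        print("IOC domain   ", r["src"], "->", r["query"])
    for r in off:
        print("off-resolver ", r["src"], "->", r["dst"], r["query"])
```

On the constructed log the IOC check fires twice (the mixed-case query with a trailing dot and the cdn. subdomain) and stays quiet on nottataragirld.site; the off-resolver check fires once, for the client that asked 1.1.1.1 directly. The domain IOC is the durable part: the path and the query parameter are cheap for the operator to rotate, and the TLS transport (winhttp.dll and webio.dll are loaded later in this report, and the strings carry :443) means the URI is not visible on the wire without interception.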
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3DE10
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC63E00
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC57DE0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3D180
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC57940
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3BB10
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3B730
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3D6D0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3F25B
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3B370
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB34520
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB414B0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3CDA0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3DDFE
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB40150
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3D180
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB385C0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3ADC0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB385BE
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB375C8
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB395D0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB335CE
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB37D00
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC1B9D8
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB32DF0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB415F0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB95990
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB31590
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB37990
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB7AD90
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB78190
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB36DA0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3CDA0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC01D40
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3A540
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB95550
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB40950
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB40150
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3B150
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB7B160
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3316B
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB7C170
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB41700
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC63F10
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB38F20
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3E320
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC01F2C
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB382C0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB7A6D0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB392E0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB372F2
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB40A80
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB65280
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB7AE90
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3C6A0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3DAB0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB41EB0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB37D00
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB796B0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3A670
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB7BA70
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3F25B
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3D3BA
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB78FC0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB40A80
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB7B7D0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC1B7E0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3EF8B
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB39B90
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB78B90
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB33B43
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB78750
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB37D00
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB37100
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB78D20
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB41D30
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3C930
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3E320
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB788F0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB324F5
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3287D
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB78480
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB7B480
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB39090
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB398A0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB798A0
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB3143E
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB95850
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC46840
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB38070
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: String function: 00007FF66CB41700 appears 37 times
Source: EMfRi659Ir.exe | Static PE information: Number of sections : 11 > 10
Source: EMfRi659Ir.exe, 00000002.00000002.1609709581.000001B2E64B7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename ntdll.dllj% vs EMfRi659Ir.exe
Source: classification engine | Classification label: mal52.winEXE@1/0@1/0
Source: EMfRi659Ir.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: EMfRi659Ir.exe | ReversingLabs: Detection: 57%
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Section loaded: ondemandconnroutehelper.dll
Source: EMfRi659Ir.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: EMfRi659Ir.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: EMfRi659Ir.exe | Static file information: File size 2636824 > 1048576
Source: EMfRi659Ir.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x22da00
Source: EMfRi659Ir.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
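Every static signature in the list near the top of this report (invalid checksum, 11 sections, non-standard section names, oversized .text, the image base line, and the HIGH_ENTROPY_VA / DYNAMIC_BASE / NX_COMPAT flags) is read straight from the PE headers and can be reproduced without executing the sample. The Python below is an added example, not part of the Joe Sandbox report or its engine: it parses the relevant header fields with the standard library only, implements the PE checksum algorithm that the "invalid checksum" signature depends on, and emits the findings in the report's own wording. It runs against a constructed header-only PE32+ built to the same shape as the static lines above (11 sections, .text VirtualSize 0x22da00, image base 0x140000000, the three DLL flags); the section-name whitelist, the made-up section names .blob/.pack0/.key and the stored checksum 0xDEADBEEF are assumptions for the example, not values taken from the sample. Give it a file path to run the same checks on a real binary.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h); the report lists the first, second and fourth.
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
                       0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x4000: "GUARD_CF"}
# Section names a normal MSVC/MinGW link emits. Assumed list; the sandbox's own is not published.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".xdata", ".idata", ".edata", ".rsrc",
                     ".reloc", ".tls", ".CRT", ".bss", ".debug", ".didat", ".00cfg", ".gfids"}


def pe_checksum(data, checksum_offset):
    """16-bit word sum with end-around carry, skipping the CheckSum dword itself, plus the
    file length: the algorithm behind imagehlp's CheckSumMappedFile."""
    total = 0
    padded = data + b"\0" * (len(data) % 2)
    for off in range(0, len(padded), 2):
        if checksum_offset <= off < checksum_offset + 4:
            continue
        total += struct.unpack_from("<H", padded, off)[0]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def parse_pe(data):
    """Read the header fields the report's static signatures depend on (PE32+ only)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    fh = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                        # IMAGE_OPTIONAL_HEADER64
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for i in range(nsec):                                # IMAGE_SECTION_HEADER table
        name, vsize, _, rawsize = struct.unpack_from("<8sIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rawsize))
    return {"machine": machine,
            "image_base": struct.unpack_from("<Q", data, opt + 24)[0],
            "stored_checksum": struct.unpack_from("<I", data, opt + 64)[0],
            "computed_checksum": pe_checksum(data, opt + 64),
            "dll_characteristics": [n for b, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & b],
            "sections": sections}


def triage(info):
    """Signature names in the report's own wording, each with the value that tripped it."""
    hits = []
    if info["stored_checksum"] == 0:
        hits.append("PE checksum not set (many non-MSVC toolchains leave it zero)")
    elif info["stored_checksum"] != info["computed_checksum"]:
        hits.append("PE file contains an invalid checksum: stored 0x%08x, computed 0x%08x"
                    % (info["stored_checksum"], info["computed_checksum"]))
    if len(info["sections"]) > 10:
        hits.append("PE file contains more sections than normal: %d > 10" % len(info["sections"]))
    odd = [n for n, _, _ in info["sections"] if n not in STANDARD_SECTIONS]
    if odd:
        hits.append("PE file contains sections with non-standard names: " + ", ".join(odd))
    for name, vsize, _ in info["sections"]:
        if name == ".text" and vsize > 0x100000:
            hits.append("Virtual size of .text is bigger than 0x100000: 0x%x" % vsize)
    if info["image_base"] > 0x60000000:                  # 0x140000000 is the x64 EXE default
        hits.append("Image base 0x%x > 0x60000000 (informational on x64)" % info["image_base"])
    return hits


def fix_checksum(data):
    """Copy of data with a correct CheckSum: what a packer does to avoid that signature."""
    off = struct.unpack_from("<I", data, 0x3C)[0] + 24 + 64   # e_lfanew + 4 + 20 + 64
    out = bytearray(data)
    struct.pack_into("<I", out, off, pe_checksum(data, off))
    return bytes(out)


def build_sample(checksum=0xDEADBEEF):
    """Constructed header-only PE32+ shaped like the report's static lines (11 sections,
    .text VirtualSize 0x22da00, image base 0x140000000, the three DLL flags). Not the sample."""
    names = [".text", ".rdata", ".data", ".pdata", ".xdata", ".idata", ".rsrc", ".reloc",
             ".blob", ".pack0", ".key"]                  # the last three are made up
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(names), 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                # PE32+ magic
    struct.pack_into("<Q", opt, 24, 0x140000000)         # ImageBase
    struct.pack_into("<I", opt, 64, checksum)            # CheckSum (wrong on purpose)
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100)
    struct.pack_into("<I", opt, 108, 16)                 # NumberOfRvaAndSizes
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), 0x22DA00 if n == ".text" else 0x1000,
                                0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
                    for i, n in enumerate(names))
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + secs


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for hit in triage(parse_pe(blob)):
        print(hit)
```

Two caveats these report lines do not spell out. The checksum is only verified by the loader for drivers, DLLs loaded at boot and DLLs loaded into critical system processes, so for a user-mode EXE a mismatch means "not produced by a checksum-writing linker, or modified after linking" rather than "malicious", and a packer can make it correct in one call (fix_checksum shows the operation). And 0x140000000 is the default image base for every x64 EXE MSVC links, so the "image base > 0x60000000" line carries no signal on 64-bit samples; the section count, the non-standard names and a .text section larger than the whole of many legitimate programs are the parts of this block worth a second look.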
00000002.00000002.1611721174.000001B2E7934000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610075533.000001B2E6737000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1611509177.000001B2E773B000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609709581.000001B2E633F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610261446.000001B2E6932000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1613284338.000001B2E8930000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610441918.000001B2E6B3D000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1610623307.000001B2E6D31000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612073823.000001B2E7D34000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1612801561.000001B2E853A000.00000004.00000020.00020000.00000000.sdmp
Source: EMfRi659Ir.exe | Static PE information: real checksum: 0x28868a should be: 0x2860d3
Source: EMfRi659Ir.exe | Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\EMfRi659Ir.exe TID: 8172 | Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CC56900 GetSystemInfo, | 2_2_00007FF66CC56900
Source: EMfRi659Ir.exe, 00000002.00000002.1608884799.000001B2E4326000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | API call chain: ExitProcess graph end node | graph_2-5892
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | API call chain: ExitProcess graph end node | graph_2-4843
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | API call chain: ExitProcess graph end node | graph_2-4997
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | API call chain: ExitProcess graph end node | graph_2-5309
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Code function: 2_2_00007FF66CB311B5 Sleep,exit,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,exit, | 2_2_00007FF66CB311B5
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\Desktop\EMfRi659Ir.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (one line per tactic; a number before a technique name is the count of matching signatures):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; 1 Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 13 System Information Discovery; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 1 Non-Application Layer Protocol; 1 Application Layer Protocol; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
EMfRi659Ir.exe | 58% | ReversingLabs | Win64.Trojan.CrypterX
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://tataragirld.site/ | 0% | Avira URL Cloud | safe
https://tataragirld.site:443vM | 0% | Avira URL Cloud | safe
https://tataragirld.site/FE-L. | 0% | Avira URL Cloud | safe
https://tataragirld.site/VE=L | 0% | Avira URL Cloud | safe
https://tataragirld.site/2E | 0% | Avira URL Cloud | safe
https://tataragirld.site/JE | 0% | Avira URL Cloud | safe
https://tataragirld.site:443: | 0% | Avira URL Cloud | safe
https://tataragirld.site/sagesse_renaldo00.html) | 0% | Avira URL Cloud | safe
https://tataragirld.site/sagesse_renaldo00.htmlM | 0% | Avira URL Cloud | safe
https://tataragirld.site/# | 0% | Avira URL Cloud | safe
https://tataragirld.site:443IN | 0% | Avira URL Cloud | safe
https://tataragirld.site/sagesse_renaldo00.html?tdfgozllgbxxyj=yhIP6D%2BNM98rEr1pqaSoG1KWw5J7mExVtIz | 0% | Avira URL Cloud | safe
https://tataragirld.site:443d | 0% | Avira URL Cloud | safe
https://tataragirld.site/&E | 0% | Avira URL Cloud | safe
https://tataragirld.site/sagesse_renaldo00.htmle | 0% | Avira URL Cloud | safe
https://tataragirld.site/sagesse_renaldo00.html | 0% | Avira URL Cloud | safe
https://tataragirld.site:443 | 0% | Avira URL Cloud | safe
https://tataragirld.site/ZE1L | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
tataragirld.site | unknown | unknown | false | | unknown
      NameSourceMaliciousAntivirus DetectionReputation
      https://tataragirld.site:443vMEMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592400745.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site/EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E4399000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site/sagesse_renaldo00.html)EMfRi659Ir.exe, 00000002.00000002.1609151257.000001B2E4430000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site:443:EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607703476.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609070610.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site/VE=LEMfRi659Ir.exe, 00000002.00000003.1592400745.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E439A000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site/sagesse_renaldo00.htmlMEMfRi659Ir.exe, 00000002.00000002.1609151257.000001B2E4430000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site/2EEMfRi659Ir.exe, 00000002.00000002.1609070610.000001B2E439B000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E439B000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site/#EMfRi659Ir.exe, 00000002.00000002.1608884799.000001B2E4357000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site/JEEMfRi659Ir.exe, 00000002.00000003.1604870904.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606168907.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E4399000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://tataragirld.site/jEEMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1589707781.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591034789.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592400745.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E439A000.00000004.00000020.00020000.00000000.sdmpfalse
        unknown
        https://tataragirld.site/FE-L.EMfRi659Ir.exe, 00000002.00000003.1604870904.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606168907.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592400745.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E4399000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://tataragirld.site:443INEMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1600479017.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604753376.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1603226104.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://tataragirld.site:443EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606168907.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604870904.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607703476.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1600479017.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604753376.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1603226104.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609070610.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://tataragirld.site/sagesse_renaldo00.html?tdfgozllgbxxyj=yhIP6D%2BNM98rEr1pqaSoG1KWw5J7mExVtIzEMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607703476.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1608884799.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E439B000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1587932850.000001B2E439F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1592544685.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594175635.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E4376000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://tataragirld.site/sagesse_renaldo00.htmlEMfRi659Ir.exe, 00000002.00000002.1609151257.000001B2E4430000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://tataragirld.site/&EEMfRi659Ir.exe, 00000002.00000003.1604753376.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1594635739.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1603226104.000001B2E439F000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1600479017.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1601331341.000001B2E4399000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://tataragirld.site/sagesse_renaldo00.htmleEMfRi659Ir.exe, 00000002.00000002.1609151257.000001B2E4430000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://tataragirld.site/ZE1LEMfRi659Ir.exe, 00000002.00000003.1589707781.000001B2E4399000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591034789.000001B2E439A000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1591178752.000001B2E4399000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://tataragirld.site:443dEMfRi659Ir.exe, 00000002.00000003.1607828980.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606168907.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604870904.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1607703476.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1604753376.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1603226104.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000002.1609070610.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmp, EMfRi659Ir.exe, 00000002.00000003.1606336337.000001B2E43A7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        No contacted IP infos
        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1586713
        Start date and time:2025-01-09 14:41:08 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 3m 50s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:5
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:EMfRi659Ir.exe
        renamed because original name is a hash value
        Original Sample Name:cd9660e42868082ea20472ecd6a22ae9573053af7c1de8daaa5f4f75c99c41b6.exe
        Detection:MAL
        Classification:mal52.winEXE@1/0@1/0
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:Failed
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Stop behavior analysis, all processes terminated
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
        • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
        • Report size getting too big, too many NtQueryValueKey calls found.
        • VT rate limit hit for: EMfRi659Ir.exe
Time | Type | Description
08:42:20 | API Interceptor | 20x Sleep call for process: EMfRi659Ir.exe modified
        No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s-part-0017.t-0009.t-msedge.net | https://laserglow-technologies-industrial-48815730.hubspotpagebuilder.com/laserglow | malicious | HTMLPhisher | 13.107.246.45
 | colleague[1].htm | malicious | Unknown | 13.107.246.45
 | bc7EKCf.exe | malicious | StormKitty | 13.107.246.45
 | https://mo.iecxtug.ru/eoQpd/ | malicious | Unknown | 13.107.246.45
 | 1In8uYbvZJ.ps1 | malicious | Unknown | 13.107.246.45
 | fuk7RfLrD3.exe | malicious | LummaC | 13.107.246.45
 | Subscription_Renewal_Invoice_2025_FGHDCS.html | malicious | HTMLPhisher | 13.107.246.45
 | GT98765009064.xlsx | malicious | Unknown | 13.107.246.45
 | https://lap.gnoqwwhpwe.ru/3aeK/#Dmestevao@iif.com | malicious | Unknown | 13.107.246.45
 | Condenast eCHECK- Payment Advice.html | malicious | Unknown | 13.107.246.45
        No context
        No context
        No context
        No created / dropped files found
        File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
        Entropy (8bit):6.713053675074008
        TrID:
        • Win64 Executable (generic) (12005/4) 74.95%
        • Generic Win/DOS Executable (2004/3) 12.51%
        • DOS Executable Generic (2002/1) 12.50%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
        File name:EMfRi659Ir.exe
        File size:2'636'824 bytes
        MD5:1d193430d800a1c0e6864567543c47bb
        SHA1:ab5c3eb3dab9f89a2f8876a9e3ca0a75384f4eab
        SHA256:cd9660e42868082ea20472ecd6a22ae9573053af7c1de8daaa5f4f75c99c41b6
        SHA512:2ae1b71a1728b5b7d80c2542b111bb818dfe7b766300a703ab4cea021f48c5110082d220b02caa549191910f78366ef331f1627d130beb182d1ebec9c3c71c30
        SSDEEP:49152:rYoQhcn8+iezb8XIw13ItW4vsmoNvOgbesU43ZkgFi0/fkhrC+11SqKDZ8gUH9jL:Pz+y4VC68YwiKN
        TLSH:8CC54A2B61A9609AE3E7C07CE5065792FC3176485E39A3B724B68392373091C9B7D373
        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....vg.................."..8(..J..W..........@..............................2.......(...`... ............................
        Icon Hash:00928e8e8686b000
        Entrypoint:0x140001157
        Entrypoint Section:.text
        Digitally signed:false
        Imagebase:0x140000000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
        Time Stamp:0x6776E7B8 [Thu Jan 2 19:23:36 2025 UTC]
        TLS Callbacks:0x4022d7a0, 0x1, 0x4022d860, 0x1
        CLR (.Net) Version:
        OS Version Major:4
        OS Version Minor:0
        File Version Major:4
        File Version Minor:0
        Subsystem Version Major:4
        Subsystem Version Minor:0
        Import Hash:9ce1e3b170c9365da5a16f5bce0983b0
        Instruction
        push ebp
        dec eax
        mov ebp, esp
        dec eax
        sub esp, 30h
        mov dword ptr [ebp-04h], 000000FFh
        dec eax
        mov eax, dword ptr [00276003h]
        mov dword ptr [eax], 00000001h
        call 00007FAC6CB74A42h
        mov dword ptr [ebp-04h], eax
        nop
        nop
        mov eax, dword ptr [ebp-04h]
        dec eax
        add esp, 30h
        pop ebp
        ret
        push ebp
        dec eax
        mov ebp, esp
        dec eax
        sub esp, 30h
        mov dword ptr [ebp-04h], 000000FFh
        dec eax
        mov eax, dword ptr [00275FD4h]
        mov dword ptr [eax], 00000000h
        call 00007FAC6CB74A13h
        mov dword ptr [ebp-04h], eax
        nop
        nop
        mov eax, dword ptr [ebp-04h]
        dec eax
        add esp, 30h
        pop ebp
        ret
        push ebp
        dec eax
        mov ebp, esp
        dec eax
        sub esp, 70h
        dec eax
        mov dword ptr [ebp-10h], 00000000h
        mov dword ptr [ebp-1Ch], 00000030h
        mov eax, dword ptr [ebp-1Ch]
        dec eax
        mov eax, dword ptr [eax]
        dec eax
        mov dword ptr [ebp-28h], eax
        dec eax
        mov eax, dword ptr [ebp-28h]
        dec eax
        mov eax, dword ptr [eax+08h]
        dec eax
        mov dword ptr [ebp-18h], eax
        mov dword ptr [ebp-04h], 00000000h
        jmp 00007FAC6CB74A23h
        dec eax
        mov eax, dword ptr [ebp-10h]
        dec eax
        cmp eax, dword ptr [ebp-18h]
        jne 00007FAC6CB74A0Bh
        mov dword ptr [ebp-04h], 00000001h
        jmp 00007FAC6CB74A47h
        mov ecx, 000003E8h
        dec eax
        mov eax, dword ptr [00319FB5h]
        call eax
        dec eax
        mov eax, dword ptr [00275F7Ch]
        dec eax
        mov dword ptr [ebp-30h], eax
        dec eax
        mov eax, dword ptr [ebp-18h]
        dec eax
        mov dword ptr [ebp+00h], eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x31b000 | 0x4d4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x31e000 | 0x178 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x278000 | 0x756c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x31f000 | 0x3fc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x276de0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x31b170 | 0x108 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x22d898 | 0x22da00 | 1ba566df3d7ba406e905f858dfca9c73 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x22f000 | 0xe990 | 0xea00 | ed9ec624a52a1450be4e17c37ad532c7 | False | 0.7278812767094017 | data | 7.907353215783904 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x23e000 | 0x39370 | 0x39400 | 62e6150683e0018b3420b1f9a04dc6f1 | False | 0.8832346820414847 | data | 7.8534439409010455 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata | 0x278000 | 0x756c | 0x7600 | 2d192b22115fa929b7a7d51099770ce8 | False | 0.5051972987288136 | data | 6.0788567314168125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata | 0x280000 | 0x58d8 | 0x5a00 | f8eeb088f7b72df899cf78bcc0bd2ddd | False | 0.16475694444444444 | , SYS \003\001P | 3.451396623499527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x286000 | 0x94860 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x31b000 | 0x4d4 | 0x600 | a2a509be5075d1e02c949bb04e762558 | False | 0.3313802083333333 | data | 3.609653204427918 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x31c000 | 0x30 | 0x200 | c27e7a3294b1032d0e919448da6c428c | False | 0.05078125 | data | 0.19196315608732903 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x31d000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x31e000 | 0x178 | 0x200 | e8d54dd241051510dbe96416ab7c3e63 | False | 0.400390625 | data | 2.0943594687221996 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x31f000 | 0x3fc | 0x400 | 16fc8c1db9ec8fce8bbe38c2129b7cf8 | False | 0.7080078125 | data | 5.253227785857478 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x31e058 | 0x11c | SVr3 curses screen image, little-endian | English | United States | 0.5985915492957746
DLL | Import
ADVAPI32.dll | RegCloseKey, RegDeleteKeyW, RegEnumKeyExA, RegQueryValueExA
KERNEL32.dll | GetOEMCP, GetProcAddress, InitializeCriticalSection, LoadLibraryA, SetUnhandledExceptionFilter, Sleep, TlsAlloc, TlsGetValue, TlsSetValue, VirtualFree, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualUnlock
msvcrt.dll | __C_specific_handler, atexit, calloc, exit, free, malloc, memcpy, memset, realloc, signal
USER32.dll | GetKeyNameTextW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 9, 2025 14:42:26.420454979 CET | 56417 | 53 | 192.168.2.9 | 1.1.1.1
Jan 9, 2025 14:42:26.429110050 CET | 53 | 56417 | 1.1.1.1 | 192.168.2.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 9, 2025 14:42:26.420454979 CET | 192.168.2.9 | 1.1.1.1 | 0xbe38 | Standard query (0) | tataragirld.site | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 9, 2025 14:41:57.782351017 CET | 1.1.1.1 | 192.168.2.9 | 0x225e | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 14:41:57.782351017 CET | 1.1.1.1 | 192.168.2.9 | 0x225e | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:42:26.429110050 CET | 1.1.1.1 | 192.168.2.9 | 0xbe38 | Name error (3) | tataragirld.site | none | none | A (IP address) | IN (0x0001) | false

        Target ID:2
        Start time:08:42:18
        Start date:09/01/2025
        Path:C:\Users\user\Desktop\EMfRi659Ir.exe
        Wow64 process (32bit):false
        Commandline:"C:\Users\user\Desktop\EMfRi659Ir.exe"
        Imagebase:0x7ff66cb30000
        File size:2'636'824 bytes
        MD5 hash:1D193430D800A1C0E6864567543C47BB
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

          Execution Graph

          Execution Coverage:10.8%
          Dynamic/Decrypted Code Coverage:100%
          Signature Coverage:43.6%
          Total number of Nodes:1533
          Total number of Limit Nodes: 40
          execution_graph: [interactive call-graph rendering omitted; the report's flattened node/edge dump (`<id> <hex address> [labels] <id>-><id> ...`) is not readable as text]
          Win32 and CRT calls recorded on the graph's nodes: LoadLibraryA, GetProcAddress, ExitProcess, exit, VirtualProtect, VirtualAlloc, CreateThread, GetSystemInfo, TlsGetValue, TlsSetValue, SetUnhandledExceptionFilter, malloc, calloc, realloc, free.
          Recurring pattern across the graph: a call into the function at 7ff66cb414b0 (LoadLibraryA) followed by one or more calls into the function at 7ff66cb41700 (summarised as "3 API calls"), whose body contains two GetProcAddress sites, 7ff66cb417d0 and 7ff66cb41c1a, both on loop edges, and an ExitProcess site at 7ff66cb41ccf. The startup path after exit (7ff66cb31252) branches to SetUnhandledExceptionFilter (7ff66cb312e5) and to three VirtualProtect sites at 7ff66cd5db78, 7ff66cd5da92 and 7ff66cd5dc14. A second ExitProcess site is at 7ff66cb6523e, reached right after a LoadLibraryA call from 7ff66cb65218. CreateThread (7ff66cb343d7) is reached from 7ff66cb3439a after VirtualAlloc (7ff66cb342a0); GetSystemInfo is at 7ff66cc56a1b.
7ff66cb935ab 5393->5394 5395 7ff66cb3afe0 4 API calls 5393->5395 5396 7ff66cb93360 10 API calls 5394->5396 5395->5394 5397 7ff66cb935dc 5396->5397 5398 7ff66cb935e4 5397->5398 5399 7ff66cb3afe0 4 API calls 5397->5399 5398->4460 5398->4461 5399->5398 5436 7ff66cb656d4 5400->5436 5403 7ff66cb656d4 TlsGetValue 5404 7ff66cb66664 5403->5404 5405 7ff66cb3d6d0 4 API calls 5404->5405 5410 7ff66cb666f1 5404->5410 5406 7ff66cb666ac 5405->5406 5439 7ff66cb3eef8 5406->5439 5410->4481 5411 7ff66cb78b90 5410->5411 5412 7ff66cb78ba8 5411->5412 5413 7ff66cb7872d TlsGetValue 5412->5413 5414 7ff66cb78bbb 5413->5414 5462 7ff66cb78357 5414->5462 5417 7ff66cb3d6d0 4 API calls 5418 7ff66cb78be7 5417->5418 5469 7ff66cb78480 5418->5469 5421 7ff66cb78c39 5421->4481 5421->4738 5425 7ff66cb7addf 5423->5425 5424 7ff66cb7872d TlsGetValue 5424->5425 5425->5424 5427 7ff66cb7ae80 5425->5427 5515 7ff66cb798a0 5425->5515 5427->4481 5427->4742 5429 7ff66cb37220 TlsGetValue 5428->5429 5430 7ff66cb93377 5429->5430 5431 7ff66cb933ee 5430->5431 5433 7ff66cb933e9 5430->5433 5435 7ff66cb933f3 5430->5435 5434 7ff66cb3746c 4 API calls 5431->5434 5432 7ff66cb3adc0 9 API calls 5432->5435 5433->5432 5434->5435 5435->5386 5435->5387 5437 7ff66cb37220 TlsGetValue 5436->5437 5438 7ff66cb656e6 5437->5438 5438->5403 5440 7ff66cb3ef19 5439->5440 5441 7ff66cb3ef6e 5439->5441 5440->5441 5442 7ff66cb3ef64 free 5440->5442 5443 7ff66cb65e86 5441->5443 5442->5441 5444 7ff66cb65ede 5443->5444 5445 7ff66cb65ea2 5443->5445 5444->5410 5445->5444 5447 7ff66cb3ef8b 5445->5447 5448 7ff66cb3f047 5447->5448 5449 7ff66cb3f03d 5447->5449 5451 7ff66cb3f08c 5448->5451 5452 7ff66cb3f082 5448->5452 5450 7ff66cb3746c 4 API calls 5449->5450 5459 7ff66cb3f042 5450->5459 5454 7ff66cb3f0c1 malloc 5451->5454 5455 7ff66cb3f0b1 5451->5455 5453 7ff66cb3746c 4 API calls 5452->5453 5453->5459 5457 7ff66cb3f152 5454->5457 5460 7ff66cb3f15c 5454->5460 5456 7ff66cb37fe0 4 API calls 5455->5456 5456->5459 5458 7ff66cb3746c 4 API calls 5457->5458 
5458->5459 5459->5444 5460->5459 5461 7ff66cb37fe0 4 API calls 5460->5461 5461->5459 5463 7ff66cb78190 4 API calls 5462->5463 5464 7ff66cb78365 5463->5464 5465 7ff66cb7836d 5464->5465 5488 7ff66cb78332 5464->5488 5465->5417 5468 7ff66cb39afc 4 API calls 5468->5465 5470 7ff66cb78565 5469->5470 5471 7ff66cb784de 5469->5471 5470->5421 5484 7ff66cb78391 5470->5484 5472 7ff66cb7872d TlsGetValue 5471->5472 5473 7ff66cb78750 TlsGetValue 5471->5473 5474 7ff66cb7853c 5471->5474 5472->5471 5473->5471 5475 7ff66cb7854d 5474->5475 5476 7ff66cb78548 5474->5476 5477 7ff66cb37fe0 4 API calls 5475->5477 5478 7ff66cb788f0 5 API calls 5476->5478 5477->5470 5479 7ff66cb78574 5478->5479 5479->5470 5480 7ff66cb78651 5479->5480 5482 7ff66cb7864c 5479->5482 5481 7ff66cb37fe0 4 API calls 5480->5481 5481->5470 5491 7ff66cb40912 5482->5491 5485 7ff66cb783ca 5484->5485 5486 7ff66cb783ea 5484->5486 5487 7ff66cb77fb0 4 API calls 5485->5487 5486->5421 5487->5486 5489 7ff66cb78351 5488->5489 5490 7ff66cb77fb0 4 API calls 5488->5490 5489->5468 5490->5489 5494 7ff66cb40150 5491->5494 5493 7ff66cb40929 5495 7ff66cb401be 5494->5495 5502 7ff66cb401a1 5494->5502 5496 7ff66cb4023b 5495->5496 5497 7ff66cb3746c calloc free free malloc 5495->5497 5498 7ff66cb40471 5496->5498 5504 7ff66cb40485 5496->5504 5512 7ff66cb4024a 5496->5512 5497->5496 5499 7ff66cb40150 calloc free free malloc free 5498->5499 5500 7ff66cb40480 5499->5500 5500->5493 5501 7ff66cb403c1 5503 7ff66cb3d9a5 calloc free free malloc free 5501->5503 5502->5496 5502->5501 5505 7ff66cb40124 calloc free free malloc 5502->5505 5510 7ff66cb40420 5502->5510 5502->5512 5503->5512 5504->5500 5506 7ff66cb406e0 5504->5506 5507 7ff66cb40713 5504->5507 5513 7ff66cb40703 5504->5513 5505->5502 5508 7ff66cb3bb10 calloc free free malloc 5506->5508 5509 7ff66cb3746c calloc free free malloc 5507->5509 5508->5513 5509->5500 5511 7ff66cb3746c calloc free free malloc 5510->5511 5511->5512 5512->5493 5513->5500 5514 7ff66cb3746c calloc free free malloc 5513->5514 
5514->5500 5516 7ff66cb798d7 5515->5516 5517 7ff66cb7872d TlsGetValue 5516->5517 5518 7ff66cb7991f 5517->5518 5519 7ff66cb799f1 5518->5519 5521 7ff66cb788f0 5 API calls 5518->5521 5520 7ff66cb7a69a 5519->5520 5524 7ff66cb79b4f 5519->5524 5557 7ff66cb7a6d0 5519->5557 5520->5425 5523 7ff66cb79962 5521->5523 5525 7ff66cb799da 5523->5525 5526 7ff66cb799b3 5523->5526 5539 7ff66cb799d1 5523->5539 5529 7ff66cb79b7b 5524->5529 5530 7ff66cb79bf5 5524->5530 5524->5539 5527 7ff66cb40912 5 API calls 5525->5527 5528 7ff66cb37fe0 4 API calls 5526->5528 5527->5519 5528->5539 5531 7ff66cb79b8c 5529->5531 5532 7ff66cb79bbe 5529->5532 5533 7ff66cb788f0 5 API calls 5530->5533 5540 7ff66cb79ded 5530->5540 5534 7ff66cb3d9a5 5 API calls 5531->5534 5568 7ff66cbc926b 5532->5568 5538 7ff66cb79c27 5533->5538 5534->5539 5536 7ff66cb79f78 5537 7ff66cb3746c 4 API calls 5536->5537 5555 7ff66cb79f81 5537->5555 5538->5539 5541 7ff66cb79db5 5538->5541 5542 7ff66cb79db0 5538->5542 5539->5425 5540->5536 5543 7ff66cb79f65 5540->5543 5544 7ff66cb37fe0 4 API calls 5541->5544 5545 7ff66cb40912 5 API calls 5542->5545 5543->5555 5573 7ff66cb78fc0 5543->5573 5544->5539 5545->5540 5550 7ff66cb7872d TlsGetValue 5552 7ff66cb7a012 5550->5552 5551 7ff66cb3746c 4 API calls 5551->5539 5553 7ff66cb7a06c 5552->5553 5552->5555 5600 7ff66cb796b0 5552->5600 5554 7ff66cb3d9a5 5 API calls 5553->5554 5554->5555 5555->5539 5604 7ff66cb78d20 5555->5604 5558 7ff66cb7872d TlsGetValue 5557->5558 5559 7ff66cb7a6f3 5558->5559 5560 7ff66cb7872d TlsGetValue 5559->5560 5561 7ff66cb7a700 5560->5561 5612 7ff66cb91c05 5561->5612 5563 7ff66cb7a824 5564 7ff66cb3d9a5 5 API calls 5563->5564 5566 7ff66cb7a83d 5564->5566 5565 7ff66cb7a70f 5565->5563 5565->5565 5565->5566 5567 7ff66cb796b0 4 API calls 5565->5567 5566->5519 5567->5565 5615 7ff66cbc92c4 5568->5615 5571 7ff66cbc9289 5571->5539 5572 7ff66cb39afc 4 API calls 5572->5571 5574 7ff66cb78fde 5573->5574 5575 7ff66cb7872d TlsGetValue 5574->5575 5576 7ff66cb78ff1 5575->5576 5577 
7ff66cb7904d 5576->5577 5578 7ff66cb79052 5576->5578 5580 7ff66cb790b3 5577->5580 5581 7ff66cb7908f 5577->5581 5579 7ff66cb3746c 4 API calls 5578->5579 5585 7ff66cb7905b 5579->5585 5583 7ff66cb40912 5 API calls 5580->5583 5582 7ff66cb37fe0 4 API calls 5581->5582 5582->5585 5584 7ff66cb790c4 5583->5584 5584->5585 5586 7ff66cb794a2 5584->5586 5588 7ff66cb79139 5584->5588 5590 7ff66cb791d1 5584->5590 5592 7ff66cb79477 5584->5592 5593 7ff66cb796b0 4 API calls 5584->5593 5594 7ff66cb79253 5584->5594 5597 7ff66cb792b7 5584->5597 5599 7ff66cb78d20 5 API calls 5584->5599 5585->5539 5585->5550 5587 7ff66cb77fb0 4 API calls 5586->5587 5587->5585 5589 7ff66cb3d9a5 5 API calls 5588->5589 5589->5585 5591 7ff66cb3d9a5 5 API calls 5590->5591 5591->5585 5595 7ff66cb3746c 4 API calls 5592->5595 5593->5584 5596 7ff66cb3d9a5 5 API calls 5594->5596 5595->5585 5596->5585 5598 7ff66cb3d9a5 5 API calls 5597->5598 5598->5585 5599->5584 5601 7ff66cb79726 5600->5601 5603 7ff66cb7972b 5600->5603 5602 7ff66cb3746c 4 API calls 5601->5602 5602->5603 5603->5552 5605 7ff66cb78d6e 5604->5605 5606 7ff66cb78d86 5604->5606 5607 7ff66cb3d9a5 5 API calls 5605->5607 5608 7ff66cbc926b 4 API calls 5606->5608 5609 7ff66cb78d81 5606->5609 5610 7ff66cb78ead 5606->5610 5607->5609 5608->5606 5609->5539 5609->5551 5610->5609 5611 7ff66cb3d9a5 5 API calls 5610->5611 5611->5609 5613 7ff66cb7872d TlsGetValue 5612->5613 5614 7ff66cb91c13 5613->5614 5614->5565 5616 7ff66cbc9281 5615->5616 5617 7ff66cbc92dd 5615->5617 5616->5571 5616->5572 5617->5616 5618 7ff66cb3746c calloc free free malloc 5617->5618 5618->5616 5620 7ff66cb37220 TlsGetValue 5619->5620 5621 7ff66cc4721b 5620->5621 5622 7ff66cc46840 5621->5622 5623 7ff66cc468b0 5622->5623 5625 7ff66cc46915 5622->5625 5624 7ff66cc47209 TlsGetValue 5623->5624 5624->5625 5625->4795 5627 7ff66cb7c188 5626->5627 5628 7ff66cb7872d TlsGetValue 5627->5628 5629 7ff66cb7c19b 5628->5629 5638 7ff66cb7bdec 5629->5638 5632 7ff66cb3d6d0 4 API calls 5633 7ff66cb7c1da 5632->5633 5647 
7ff66cb7c071 5633->5647 5635 7ff66cb7c1f3 5637 7ff66cb7c34b 5635->5637 5662 7ff66cb7be50 5635->5662 5639 7ff66cb7872d TlsGetValue 5638->5639 5640 7ff66cb7bdfa 5639->5640 5641 7ff66cb78190 4 API calls 5640->5641 5642 7ff66cb7be09 5641->5642 5643 7ff66cb7be11 5642->5643 5668 7ff66cb7bdb8 5642->5668 5643->5632 5643->5637 5646 7ff66cb39afc 4 API calls 5646->5643 5648 7ff66cb7872d TlsGetValue 5647->5648 5649 7ff66cb7c089 5648->5649 5650 7ff66cb78750 TlsGetValue 5649->5650 5651 7ff66cb7c098 5650->5651 5652 7ff66cb7c0bd 5651->5652 5653 7ff66cb7c0da 5651->5653 5654 7ff66cb37fe0 4 API calls 5652->5654 5655 7ff66cb788f0 5 API calls 5653->5655 5661 7ff66cb7c0d5 5654->5661 5656 7ff66cb7c0e4 5655->5656 5657 7ff66cb7c14c 5656->5657 5658 7ff66cb7c12f 5656->5658 5656->5661 5677 7ff66cb4344c 5657->5677 5659 7ff66cb37fe0 4 API calls 5658->5659 5659->5661 5661->5635 5663 7ff66cb7be6c 5662->5663 5664 7ff66cb7872d TlsGetValue 5663->5664 5665 7ff66cb7be7f 5664->5665 5666 7ff66cb7ba70 free 5665->5666 5667 7ff66cb7bed6 5665->5667 5666->5667 5667->5635 5669 7ff66cb7872d TlsGetValue 5668->5669 5670 7ff66cb7bdc6 5669->5670 5673 7ff66cb7ba70 5670->5673 5674 7ff66cb7bb28 5673->5674 5675 7ff66cb7bda0 5673->5675 5674->5675 5676 7ff66cb39ab7 free 5674->5676 5675->5643 5675->5646 5676->5675 5680 7ff66cb42f1a 5677->5680 5681 7ff66cb42f8f 5680->5681 5684 7ff66cb42f72 5680->5684 5682 7ff66cb3746c calloc free free malloc 5681->5682 5683 7ff66cb42f94 5682->5683 5684->5683 5685 7ff66cb42fd3 5684->5685 5687 7ff66cb4304c 5684->5687 5686 7ff66cb3d9a5 calloc free free malloc free 5685->5686 5686->5683 5688 7ff66cb3746c calloc free free malloc 5687->5688 5688->5683 6058 7ff66cb34957 6059 7ff66cb344ac TlsGetValue 6058->6059 6060 7ff66cb3496f 6059->6060 6061 7ff66cb342a0 2 API calls 6060->6061 6062 7ff66cb34990 6061->6062 6063 7ff66cb34a93 6062->6063 6069 7ff66cc1bcfc 6062->6069 6066 7ff66cb3d6d0 4 API calls 6067 7ff66cb34a3a 6066->6067 6068 7ff66cb3d180 4 API calls 6067->6068 6068->6063 6078 7ff66cc1b7b7 
6069->6078 6072 7ff66cc1bd7e 6081 7ff66cc1b7e0 6072->6081 6074 7ff66cb3746c 4 API calls 6074->6072 6075 7ff66cb349c1 6075->6063 6075->6066 6076 7ff66cc1bd9d 6076->6075 6077 7ff66cb39afc 4 API calls 6076->6077 6077->6075 6079 7ff66cb37220 TlsGetValue 6078->6079 6080 7ff66cc1b7c9 6079->6080 6080->6072 6080->6074 6082 7ff66cc1b7f9 6081->6082 6084 7ff66cc1b89c 6081->6084 6083 7ff66cb3746c 4 API calls 6082->6083 6082->6084 6083->6084 6084->6076 5689 7ff66cb3f25b 5690 7ff66cb3f2ca 5689->5690 5691 7ff66cb3f2a0 5689->5691 5692 7ff66cb3f378 5690->5692 5693 7ff66cb3f382 5690->5693 5691->5690 5703 7ff66cb3f917 5691->5703 5694 7ff66cb3746c 4 API calls 5692->5694 5695 7ff66cb3f428 5693->5695 5696 7ff66cb3f41e 5693->5696 5704 7ff66cb3f37d 5694->5704 5697 7ff66cb3f460 malloc 5695->5697 5698 7ff66cb3f450 5695->5698 5699 7ff66cb3746c 4 API calls 5696->5699 5701 7ff66cb3f8d7 5697->5701 5702 7ff66cb3f4c1 5697->5702 5700 7ff66cb37fe0 4 API calls 5698->5700 5699->5704 5700->5704 5701->5704 5705 7ff66cb37fe0 4 API calls 5701->5705 5702->5704 5707 7ff66cb3f655 5702->5707 5718 7ff66cb3f650 5702->5718 5703->5704 5737 7ff66cb3c6a0 5703->5737 5705->5704 5711 7ff66cb37fe0 4 API calls 5707->5711 5709 7ff66cb3fab6 5712 7ff66cb3746c 4 API calls 5709->5712 5710 7ff66cb3fac0 5713 7ff66cb3fae8 5710->5713 5714 7ff66cb3faf2 5710->5714 5711->5704 5712->5704 5715 7ff66cb3746c 4 API calls 5713->5715 5716 7ff66cb3fc28 5714->5716 5717 7ff66cb3fb01 5714->5717 5715->5704 5716->5704 5722 7ff66cb3fe26 5716->5722 5723 7ff66cb3fe2b 5716->5723 5717->5704 5719 7ff66cb37fe0 4 API calls 5717->5719 5718->5704 5720 7ff66cb3f728 5718->5720 5721 7ff66cb3f72d 5718->5721 5719->5717 5728 7ff66cb3f7bd 5720->5728 5729 7ff66cb3f875 5720->5729 5724 7ff66cb3746c 4 API calls 5721->5724 5726 7ff66cb3fed6 5722->5726 5727 7ff66cb3fecc 5722->5727 5725 7ff66cb3746c 4 API calls 5723->5725 5724->5704 5725->5704 5732 7ff66cb3fef5 5726->5732 5733 7ff66cb3fee5 5726->5733 5730 7ff66cb3746c 4 API calls 5727->5730 5728->5704 5731 
7ff66cb3746c 4 API calls 5728->5731 5729->5704 5734 7ff66cb37fe0 4 API calls 5729->5734 5730->5704 5731->5704 5744 7ff66cb3f1b2 realloc 5732->5744 5735 7ff66cb37fe0 4 API calls 5733->5735 5734->5704 5735->5704 5738 7ff66cb3c6bd 5737->5738 5740 7ff66cb3c787 5737->5740 5739 7ff66cb3c6ce 5738->5739 5741 7ff66cb3c8bc 5738->5741 5739->5740 5743 7ff66cb3746c 4 API calls 5739->5743 5740->5709 5740->5710 5741->5740 5742 7ff66cb3746c 4 API calls 5741->5742 5742->5740 5743->5739 5745 7ff66cb3f1e5 5744->5745 5745->5704 5854 7ff66cb44bda 5855 7ff66cb3cda0 9 API calls 5854->5855 5856 7ff66cb44bf8 5855->5856 5857 7ff66cb44c00 5856->5857 5858 7ff66cb3afe0 4 API calls 5856->5858 5859 7ff66cb44c66 5857->5859 5860 7ff66cb44c5c free 5857->5860 5858->5857 5861 7ff66cb3b0f3 free 5859->5861 5860->5859 5862 7ff66cb44c87 5861->5862 5863 7ff66cb3cda0 9 API calls 5862->5863 5865 7ff66cb44ca1 5863->5865 5864 7ff66cb44ca9 5865->5864 5866 7ff66cb3afe0 4 API calls 5865->5866 5866->5864 6093 7ff66cb31360 6094 7ff66cb3136e 6093->6094 6095 7ff66cb3188e 9 API calls 6094->6095 6096 7ff66cb317a6 6095->6096 6097 7ff66cb3afe0 4 API calls 6096->6097 6098 7ff66cb317ae 6096->6098 6097->6098 6099 7ff66cb3b0f3 free 6098->6099 6100 7ff66cb31854 6099->6100 6101 7ff66cb3188e 9 API calls 6100->6101 6102 7ff66cb3186e 6101->6102 6103 7ff66cb31876 6102->6103 6104 7ff66cb3afe0 4 API calls 6102->6104 6104->6103 6105 7ff66cb32c60 6106 7ff66cb32ccd TlsGetValue 6105->6106 6107 7ff66cb32c6e 6106->6107 6108 7ff66cb32ce8 4 API calls 6107->6108 6110 7ff66cb32c8d 6108->6110 6109 7ff66cb32c95 6110->6109 6111 7ff66cb39afc 4 API calls 6110->6111 6111->6109 5867 7ff66cb3afde 5868 7ff66cb3afe4 5867->5868 5869 7ff66cb39afc 4 API calls 5868->5869 5870 7ff66cb3b0e0 5868->5870 5869->5868 6112 7ff66cb36168 6113 7ff66cb3618b 6112->6113 6114 7ff66cb37220 TlsGetValue 6112->6114 6114->6113 6127 7ff66cb38066 6128 7ff66cb38015 6127->6128 6129 7ff66cb37886 4 API calls 6128->6129 6130 7ff66cb3804b 6129->6130 5874 7ff66cb372eb 5875 
7ff66cb37272 TlsGetValue 5874->5875 5876 7ff66cb372df 5875->5876 6131 7ff66cb3316b 6132 7ff66cb331d9 6131->6132 6133 7ff66cb331eb 6131->6133 6150 7ff66cb3785a 6132->6150 6135 7ff66cb33239 6133->6135 6136 7ff66cb331f9 6133->6136 6137 7ff66cb332ac 6135->6137 6138 7ff66cb33291 6135->6138 6140 7ff66cb3d9a5 5 API calls 6136->6140 6142 7ff66cb3334a 6137->6142 6143 7ff66cb3334f 6137->6143 6141 7ff66cb3d9a5 5 API calls 6138->6141 6139 7ff66cb331e2 6140->6139 6141->6139 6145 7ff66cb33371 6142->6145 6148 7ff66cb3338c 6142->6148 6144 7ff66cb3746c 4 API calls 6143->6144 6144->6139 6146 7ff66cb3d9a5 5 API calls 6145->6146 6146->6139 6147 7ff66cb33e12 6148->6147 6149 7ff66cb3746c 4 API calls 6148->6149 6149->6139 6151 7ff66cb37886 4 API calls 6150->6151 6152 7ff66cb37880 6151->6152 6152->6139 5877 7ff66cb32df0 5884 7ff66cb32ccd 5877->5884 5881 7ff66cb32e25 5882 7ff66cb32e1d 5882->5881 5883 7ff66cb39afc 4 API calls 5882->5883 5883->5881 5885 7ff66cb37220 TlsGetValue 5884->5885 5886 7ff66cb32cdf 5885->5886 5887 7ff66cb32ce8 5886->5887 5888 7ff66cb32db1 5887->5888 5889 7ff66cb32d01 5887->5889 5888->5882 5889->5888 5890 7ff66cb3746c 4 API calls 5889->5890 5890->5888 5891 7ff66cb415f0 5892 7ff66cb4169c ExitProcess 5891->5892 5893 7ff66cb416ef 5891->5893 5892->5892 5894 7ff66cb416ea 5892->5894 5898 7ff66cb324f5 5899 7ff66cb3250c 5898->5899 5901 7ff66cb32507 5898->5901 5900 7ff66cb3afe0 4 API calls 5899->5900 5900->5901 5902 7ff66cb3b0f3 free 5901->5902 5905 7ff66cb32870 5901->5905 5903 7ff66cb32704 5902->5903 5904 7ff66cb3188e 9 API calls 5903->5904 5906 7ff66cb32724 5904->5906 5907 7ff66cb3b0f3 free 5905->5907 5906->5905 5909 7ff66cb32746 5906->5909 5911 7ff66cb32788 5906->5911 5908 7ff66cb32929 5907->5908 5910 7ff66cb3188e 9 API calls 5908->5910 5913 7ff66cb32943 5910->5913 5911->5909 5912 7ff66cb3afe0 4 API calls 5911->5912 5912->5911 5914 7ff66cb3294b 5913->5914 5915 7ff66cb3afe0 4 API calls 5913->5915 5915->5914

          Control-flow Graph

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID: exit$ExceptionFilterUnhandled
          • String ID: 0
          • API String ID: 4257813844-4108050209
          • Opcode ID: c26cb4941d79056e3d650b2f5079423db7b870c03b046d51c95775f303d68fe4
          • Instruction ID: 62c579d3c95df153070379439c5a90272f00ec1bea3b9972cffcd88f6942275b
          • Opcode Fuzzy Hash: c26cb4941d79056e3d650b2f5079423db7b870c03b046d51c95775f303d68fe4
          • Instruction Fuzzy Hash: C2419F76B08E15CAFB008B96E88036933B4BB88B85F544536DE0D9B7A8DF3CE841C750

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: Q\J$ntK$rIJd
          • API String ID: 0-1247198646
          • Opcode ID: ba7b09d48b7f052b93f6b0604cf97d1fa194b8dcd91e3799e51ed298ccf3bd4c
          • Instruction ID: 5c1adea7e62025ed00afe09b5f4788c43658059f613ee212606b964b7d4ffbf2
          • Opcode Fuzzy Hash: ba7b09d48b7f052b93f6b0604cf97d1fa194b8dcd91e3799e51ed298ccf3bd4c
          • Instruction Fuzzy Hash: A7624C73B28E9182EB548679AC6177B26629B96BB1F109335EE7ECB7D4CE2CD4004700

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: OJ'J$bD=6$wg4R
          • API String ID: 0-706172807
          • Opcode ID: 8fd08e7703be999667e6d8d69103e5b4a2c8da8890bc35cbf5bd9395cfa3eec8
          • Instruction ID: 028c1de393754cd7d1ae4cb841189f9bd67d00e687dc8468946f03b0a45e5a11
          • Opcode Fuzzy Hash: 8fd08e7703be999667e6d8d69103e5b4a2c8da8890bc35cbf5bd9395cfa3eec8
          • Instruction Fuzzy Hash: B1512173F24E218AE7088B75E8416AD3BB2A789794F108639DD0DCBB98DE3CD9518700

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: #y
          • API String ID: 0-2081685464
          • Opcode ID: 080f371ad321deac609507d95735d04dede2c86ba12fae4106e2652649aad5ae
          • Instruction ID: 121450ac25529fe413c2807c069204172c308cdd6d3d50215222a58678f6b040
          • Opcode Fuzzy Hash: 080f371ad321deac609507d95735d04dede2c86ba12fae4106e2652649aad5ae
          • Instruction Fuzzy Hash: AE424972F24E61C6EB189BF598622B926A2AB5A7B4F109735DD3EDB7C4DE2CD4014300

          Control-flow Graph

          APIs
          Similarity
          • API ID: AllocCreateThreadVirtual
          • String ID:
          • API String ID: 3065189322-0
          • Opcode ID: ffc7e9ee982f55ec27b9eaa0be90bb83cf620b8f2774b364607a2151c3cf6ace
          • Instruction ID: e8f37a4ffec0923f795e2551c148400a324c7e7e397bf5b56f22916475fbc531
          • Opcode Fuzzy Hash: ffc7e9ee982f55ec27b9eaa0be90bb83cf620b8f2774b364607a2151c3cf6ace
          • Instruction Fuzzy Hash: 5751C332F34E60C6F7149B7AA8002A937B1A799765F508335EE5C8B7E4DE389952CB40

          Control-flow Graph

          Control-flow graph: function at 7ff66cb414b0 (graph rendering omitted; calls LoadLibraryA)
          APIs
          Similarity
          • API ID: LibraryLoad
          • String ID:
          • API String ID: 1029625771-0
          • Opcode ID: 7b34814c95ea2a1001dec40d559c8fd0fdba46b940dc2eb4ee18432ce8495e28
          • Instruction ID: 22a7d4c91de4f2c61b1f6a978cd6ff0c0c3135b83abeffc2d022e1f7b01f8ce7
          • Opcode Fuzzy Hash: 7b34814c95ea2a1001dec40d559c8fd0fdba46b940dc2eb4ee18432ce8495e28
          • Instruction Fuzzy Hash: EA31D336B2895482E75CCB3A9C5132A2662EB85779B54D339E92FCB7E4CE3CD8118604

          Control-flow Graph

          APIs
          Similarity
          • API ID: InfoSystemValue
          • String ID:
          • API String ID: 2777205056-0
          • Opcode ID: 28c73d186913443784a933223551e0e4e22ea77cf5c7286c60e2fd007a82f092
          • Instruction ID: fd9e5551d24b5c0c0eafb0a18b78d7d2ff9b7b59887f21722f0c607ef0569594
          • Opcode Fuzzy Hash: 28c73d186913443784a933223551e0e4e22ea77cf5c7286c60e2fd007a82f092
          • Instruction Fuzzy Hash: A631EF77F14E05CBE7189BB6D8922B837B1AB98745F544934EA1DCB790DE3CE451C600

          Control-flow Graph

          APIs
          Similarity
          • API ID: malloc
          • String ID:
          • API String ID: 2803490479-0
          • Opcode ID: 3e7d9f36a774d7a0b3bb9895df953a5034dc6cfc59e34ab7391dc830dadec3ac
          • Instruction ID: 5db77ec7c3625f5e1a9d55f6871afc81cc957e0d7772a894def608b7cb82ecd5
          • Opcode Fuzzy Hash: 3e7d9f36a774d7a0b3bb9895df953a5034dc6cfc59e34ab7391dc830dadec3ac
          • Instruction Fuzzy Hash: 5691B872B28E5183EE08CB79982527A66A2EB567F1F10D335E93ECF7D9DE2CD4014600
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fe132d8c033d72b12ea5bd384c519c182ad81d1f41d80d678c5c72c006261116
          • Instruction ID: 617f944b618a3933fa965dfd80cab155ff523610cd8b54fbccdb202c5236b14c
          • Opcode Fuzzy Hash: fe132d8c033d72b12ea5bd384c519c182ad81d1f41d80d678c5c72c006261116
          • Instruction Fuzzy Hash: 7A811A72729F9182DE148B79E461B6A6661E796BF0F109735EE7E8BBE4CE3CD4004700
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cb1315712ec4c63141c5c939213ffc1db5e1c3ec248deb00c095c9c8e87fe874
          • Instruction ID: 06ac0ecd55a96f862924c7b7e4fe06e0cc4f27f93a0167886cc824205164a37e
          • Opcode Fuzzy Hash: cb1315712ec4c63141c5c939213ffc1db5e1c3ec248deb00c095c9c8e87fe874
          • Instruction Fuzzy Hash: 9671F572F24E11C6FB1C87B59C5227E2672AB5A765F248239DD2EDF7D8DE2CD4018200
          Similarity
          • API ID: calloc
          • String ID:
          • API String ID: 2635317215-0
          • Opcode ID: 7133b0cdfd98c493178963adb3935cf11b4d604c3f72702c25bd8b5f427eb67d
          • Instruction ID: faf8b6660da320c58b0b6923bd6966954ebb94e68c6797a0680904959188c96b
          • Opcode Fuzzy Hash: 7133b0cdfd98c493178963adb3935cf11b4d604c3f72702c25bd8b5f427eb67d
          • Instruction Fuzzy Hash: 1E51D6A2B28B9083ED448BB668213BA6762DB5B7F1F109335ED7E8F7D4DE5CE4014640
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c4094687a76753f877524ebd58b1e3cf6c639cd073f7723b587004863729a31b
          • Instruction ID: 1f1d75d61b1eb5791ebc1c2b5b4b39ea37c020256723ffed52fc6d978af6d6e9
          • Opcode Fuzzy Hash: c4094687a76753f877524ebd58b1e3cf6c639cd073f7723b587004863729a31b
          • Instruction Fuzzy Hash: BB51D8B2B3494287DB0C9A79992163A66A397867B4F509339F97ECF7D8DE3CD4004600
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 70574bb45156ca4cc9bc43d326d16d26b20261e53bb56accc53446fd9e7a0783
          • Instruction ID: 10a82be7b969bef9cbc7fd1ff1236c0cb04e58b00fa7c2d221b917a855c892ed
          • Opcode Fuzzy Hash: 70574bb45156ca4cc9bc43d326d16d26b20261e53bb56accc53446fd9e7a0783
          • Instruction Fuzzy Hash: DA51C0B2F28E46C6EF449B25E89137A27B1FBA1741F408539E24ECF795DE2CE4518700
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fe9fdd6c84e8f055cd988cdd8144a95f27fe9e8f48158308314d601d7fa36a3e
          • Instruction ID: d231fb88686e7f3159dc7a98cee1f8d748712407011f6e155ff1465a0dceb0f2
          • Opcode Fuzzy Hash: fe9fdd6c84e8f055cd988cdd8144a95f27fe9e8f48158308314d601d7fa36a3e
          • Instruction Fuzzy Hash: 3341C432B28D5186E728CB3EDC1113A66A29BD5771B54833AE52ECB7E8DF2CD9418704
          Similarity
          • API ID: ExitProcess
          • String ID:
          • API String ID: 621844428-0
          • Opcode ID: 18a1339708ad8fc42b0ec3be966b0cd82183f9893a66988d92d9a27b1e903bcc
          • Instruction ID: 9935087d4ff0b227f2aed54eff4143c71f1dc8577882a004485002717fe9dd8c
          • Opcode Fuzzy Hash: 18a1339708ad8fc42b0ec3be966b0cd82183f9893a66988d92d9a27b1e903bcc
          • Instruction Fuzzy Hash: ED212633B35C5346A71C963B9D2657A25A34B893217448B3DE52ECFAE0CE2CD8018A04

          Control-flow Graph

          APIs
          Strings
          Similarity
          • API ID: ProtectVirtual
          • String ID: @
          • API String ID: 544645111-2766056989
          • Opcode ID: 9a809a70ea6a6be442cea981ba0e3b0137118e0a191674c141363444c8a3c1b2
          • Instruction ID: f3a7ff8fe50b8f5752c0ad1af711bf5675b845bc0d97ed086745023fabf99997
          • Opcode Fuzzy Hash: 9a809a70ea6a6be442cea981ba0e3b0137118e0a191674c141363444c8a3c1b2
          • Instruction Fuzzy Hash: 9E6116B2F05B4ACBEB14CB55D68526823B2EB58BCAB558035DA1C9B714DF3CEA42D300

          Control-flow Graph

          Control-flow graph: function at 7ff66cd5db3c (graph rendering omitted; calls VirtualProtect)
          APIs
          • VirtualProtect.KERNELBASE(?,?,?,?,?,00007FF66CD5E01D,?,?,?,?,?,00007FF66CB312E5), ref: 00007FF66CD5DBF4
          Similarity
          • API ID: ProtectVirtual
          • String ID:
          • API String ID: 544645111-0
          • Opcode ID: 2ff1b3d7804e1ac5f9623c96fe15e793a67efeed1af42faace67480986ebd4d1
          • Instruction ID: 9abbc0070aa1981216a87f018b10c4198db5e5dff10772a8d8defe9f50d81d1b
          • Opcode Fuzzy Hash: 2ff1b3d7804e1ac5f9623c96fe15e793a67efeed1af42faace67480986ebd4d1
          • Instruction Fuzzy Hash: 8911FEA2F0974ACBEF14CB55D68626863B2EB98BC6B55C035DD1C9B314DE2CEB42D700

          Control-flow Graph

          APIs
          Similarity
          • API ID: AllocCreateThreadVirtual
          • String ID:
          • API String ID: 3065189322-0
          • Opcode ID: a31a2a7adb770e4481704b1410f898072da79e3f039c221f79862557cbe6e8f9
          • Instruction ID: c0a63fe41453e38757187572b348a1922fb33819bd0b408dc71b50cfe052c317
          • Opcode Fuzzy Hash: a31a2a7adb770e4481704b1410f898072da79e3f039c221f79862557cbe6e8f9
          • Instruction Fuzzy Hash: F5213432608F45C2E7408B5AF8402AA77B4FB89B95F604135EA8C8BB64DF7DD455CB40

          Control-flow Graph

          Control-flow graph: function at 7ff66cb37500 (graph rendering omitted; calls calloc)
          APIs
          Similarity
          • API ID: calloc
          • String ID:
          • API String ID: 2635317215-0
          • Opcode ID: 800dfe40754887d6daf975f718097d420c903201902ce0ac1fc603334ffa51e1
          • Instruction ID: 4476c849b1bef4353f065a8856d7fe4a40321e36686c5ea440672a96aea2db52
          • Opcode Fuzzy Hash: 800dfe40754887d6daf975f718097d420c903201902ce0ac1fc603334ffa51e1
          • Instruction Fuzzy Hash: 5C11C632B24552C7E768CF39DD8112A67A2E7C9705B858335D54CCFB98EE3CD9018A40
          APIs
          Similarity
          • API ID: AllocVirtual
          • String ID:
          • API String ID: 4275171209-0
          • Opcode ID: 897b3e3d8ee974d65562bad4a02ede9a9146a17e5baa48e005b54433457c959e
          • Instruction ID: 6db198f4335cfc452d063330167380a77498f9e823da72b9342a6568addc944c
          • Opcode Fuzzy Hash: 897b3e3d8ee974d65562bad4a02ede9a9146a17e5baa48e005b54433457c959e
          • Instruction Fuzzy Hash: A0014866729F4486CB64CB56F85022AAAE0E78DBD8F100535EE8ECBB58DE3DD5118B00
          APIs
          Strings
          Similarity
          • API ID: AddressProc$ExitProcess
          • String ID: >5H
          • API String ID: 2636158824-3751592696
          Similarity
          • API ID: ExitProcess
          • String ID: .|c/$xf!!
          • API String ID: 621844428-218602307
          Similarity
          • API ID:
          • String ID: >v$]XQ
          • API String ID: 0-500044638
          Similarity
          • API ID:
          • String ID: :;%!
          • API String ID: 0-846597393
          Similarity
          • API ID:
          • String ID: Ygw7
          • API String ID: 0-35260591
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          Similarity
          • API ID: realloc
          • String ID:
          • API String ID: 471065373-0
          Similarity
          • API ID:
          • String ID: \aM
          • API String ID: 0-2009346633
          Similarity
          • API ID:
          • String ID: Lo
          • API String ID: 0-2285928137
          Similarity
          • API ID:
          • String ID: txeo
          • API String ID: 0-1518088724
          Similarity
          • API ID:
          • String ID: cj*
          • API String ID: 0-627523316
          Similarity
          • API ID:
          • String ID: Z3
          • API String ID: 0-3605120422
          Similarity
          • API ID:
          • String ID: ]{w
          • API String ID: 0-1355069309
          Similarity
          • API ID:
          • String ID: IJy3
          • API String ID: 0-4218970900
          Similarity
          • API ID:
          • String ID: h![q
          • API String ID: 0-2551507218
          Similarity
          • API ID:
          • String ID: )Gp&
          • API String ID: 0-1956206822
          Similarity
          • API ID:
          • String ID: ?Ix
          • API String ID: 0-429423128
          Similarity
          • API ID: malloc
          • String ID:
          • API String ID: 2803490479-0
          Similarity
          • API ID:
          • String ID: q\
          • API String ID: 0-4171316048
          • Opcode ID: 913865039cd500ed6851c46498b319c5e4e4a80784eb1bf9e532da8f1ea99479
          • Instruction ID: dcf3b95a902901cdc48463c68ecbe2a6c811ad3c2dc21bd536f42f6b5cfe0e2e
          • Opcode Fuzzy Hash: 913865039cd500ed6851c46498b319c5e4e4a80784eb1bf9e532da8f1ea99479
          • Instruction Fuzzy Hash: 8D416122B2495183EBA4C639AC51B6B66529BD6774F24D331E93DCBBD8CE3CD4024B00
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: pr0?
          • API String ID: 0-1949227120
          • Opcode ID: 0e63dbce582f426995f05ad0d2fb32d6e6487b5c00898dd2957d9f9d53416cb7
          • Instruction ID: 9654436dd03c097ee4f87c43f0c0cca2eb439982f587cb489e6a6deb4f500bf4
          • Opcode Fuzzy Hash: 0e63dbce582f426995f05ad0d2fb32d6e6487b5c00898dd2957d9f9d53416cb7
          • Instruction Fuzzy Hash: BF41D433F20E61C9F7649BBAA84166E2AB1A749768F101725DE3CD7BC4DE38D4518710
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: iwr
          • API String ID: 0-2058742600
          • Opcode ID: 6f61a8c9b805e379a5922031c1ee9c542288c254ab9feac872b3b2117e80794e
          • Instruction ID: 9ad36916eb82a6e6f0aa05321405c13bc60e83c2974d273be98ef3ca230ae89a
          • Opcode Fuzzy Hash: 6f61a8c9b805e379a5922031c1ee9c542288c254ab9feac872b3b2117e80794e
          • Instruction Fuzzy Hash: FB41EBB2724E5183DB488B79A95116A6692B7C9BF0B10D335DA7ECB7D8DE3CD4018704
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: <LSr
          • API String ID: 0-3450139174
          • Opcode ID: b1b1257e052bd886984fb546fdcc28c6a26f4076f7789f6df42620bbd0c1c464
          • Instruction ID: 288a96a6cd9414be5c800269bb0bc6189e96c978f7cd8b9aba8b2902e323b677
          • Opcode Fuzzy Hash: b1b1257e052bd886984fb546fdcc28c6a26f4076f7789f6df42620bbd0c1c464
          • Instruction Fuzzy Hash: 19412773B38D51929764CB3BA91191B3D92A7A57E4B10E335ED6AC7FE9DA3CD0004B04
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5ed3e7970a635fd639068a24164c8c247724026c92641874dc20c9fdae93beee
          • Instruction ID: a4fb137be3500b869b0cf8cdf3f63e05512f26bd10e003880d3c479655882062
          • Opcode Fuzzy Hash: 5ed3e7970a635fd639068a24164c8c247724026c92641874dc20c9fdae93beee
          • Instruction Fuzzy Hash: 464186A2729F9082DD44C7B9986137A6661DB4ABF0F209335FE7E4B7D5CF2CD0104600
          APIs
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID: malloc
          • String ID:
          • API String ID: 2803490479-0
          • Opcode ID: fbe88cca722902fb19bfad099805115882eebe76dd6971c61c3d1758a09ebe3d
          • Instruction ID: 68d5401ca956a3dbe6d624974e1eb14e77e8faf0a17803ec667b509b6874a4aa
          • Opcode Fuzzy Hash: fbe88cca722902fb19bfad099805115882eebe76dd6971c61c3d1758a09ebe3d
          • Instruction Fuzzy Hash: E9417773F24E15CBFB148BB1D8622BC2AB1A75D751F048134C96DCBB84EE2C95428A00
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: <:"
          • API String ID: 0-278960745
          • Opcode ID: abe581980c0359576d282b6b6fe48bd5aae6b691a50418cef75cd801f5ab5511
          • Instruction ID: 9d24d6835bddb6b5738b324c7583281aac85e563805ca6044a82f150f28fa978
          • Opcode Fuzzy Hash: abe581980c0359576d282b6b6fe48bd5aae6b691a50418cef75cd801f5ab5511
          • Instruction Fuzzy Hash: F5314036B2CA5183DB48CB79A56523B67E2D7C5740F508239E95ECF798CE3DC4018B04
          APIs
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID: free
          • String ID:
          • API String ID: 1294909896-0
          • Opcode ID: a4a0dca8b977f78ab19cc204e255403c51ac6985bfb3cb36965ff1f069f591ca
          • Instruction ID: d00c258125c89453542e0e07cb6d0f5c9bf5246e9b4f83750f860c32409fea3a
          • Opcode Fuzzy Hash: a4a0dca8b977f78ab19cc204e255403c51ac6985bfb3cb36965ff1f069f591ca
          • Instruction Fuzzy Hash: 6531FB77B28A5142EB649B39DC52B262652A7967B4F40A735EC3DCBBE4CE3CD0014B00
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: _x8
          • API String ID: 0-3289680410
          • Opcode ID: f631feaa825afdbc08a687ede08a0dfac5689e191e98774b867cfaa1fa63e805
          • Instruction ID: 23262f01b9e1efd20de761970c73e4a49a61c0b5022ada79a689d16438a89e82
          • Opcode Fuzzy Hash: f631feaa825afdbc08a687ede08a0dfac5689e191e98774b867cfaa1fa63e805
          • Instruction Fuzzy Hash: 0E213733B34CB187B36889798C535A626A2C7877307548339E53DCFBD4DE3C99424A04
          APIs
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID: free
          • String ID:
          • API String ID: 1294909896-0
          • Opcode ID: 4f26df8c92cfefb4e00d5171621374185989c3ac70e69a502f31effdb93fd1e2
          • Instruction ID: 946d66c5942b4b57fbe6fda4e3d2660725ca41a73afabaecec8578a87902c6ff
          • Opcode Fuzzy Hash: 4f26df8c92cfefb4e00d5171621374185989c3ac70e69a502f31effdb93fd1e2
          • Instruction Fuzzy Hash: 1121D372B34E6483E764CB3AE85171A6693E7C5764FA08324D95CCBBE4CA3DD4028B00
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: qDI$
          • API String ID: 0-2565614948
          • Opcode ID: fbdd9c28dffda53a4bbf0b7a2debae409b8427f1a6fdc6088e8c5e1c31281f70
          • Instruction ID: 742d853c99b0a646e20709e11f5799edbbd296024211dbacc0908bb99e2a36a2
          • Opcode Fuzzy Hash: fbdd9c28dffda53a4bbf0b7a2debae409b8427f1a6fdc6088e8c5e1c31281f70
          • Instruction Fuzzy Hash: F6110B32B6491587EB5CDA388C511AB3B629789335B64C335D63ACA2D4DF38D5564304
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID: cj*
          • API String ID: 0-627523316
          • Opcode ID: 3d7161360e5afa920675bc2d2458d302f6c196df4c3ec503ea480e6dd76e639b
          • Instruction ID: fca0435f8d801f0430017f37f94c1fa525cf7581a93ebe98fdf9012348b794e8
          • Opcode Fuzzy Hash: 3d7161360e5afa920675bc2d2458d302f6c196df4c3ec503ea480e6dd76e639b
          • Instruction Fuzzy Hash: 6F01F922B3856187A76CCA39985193B69A38786358BA09739E81ECBBD4C93CDC424E00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7754335553c652ca7db5d5defcb2bb40cd0305c95415d3de45708637360abdb0
          • Instruction ID: 05208d2c89f54b5942c256cf4d6a5ff0db3417095deaa07559a7f5b081ec3fc8
          • Opcode Fuzzy Hash: 7754335553c652ca7db5d5defcb2bb40cd0305c95415d3de45708637360abdb0
          • Instruction Fuzzy Hash: 7E72F873B15E908AEB58CF7A9C513A93662AB4A7B4F109335DE3DCB7D8CE28D5118700
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6d1b6d8ad8f07414373cc46451414fc3f2136a022189f684c243e50fc0769094
          • Instruction ID: 6499714bd860879f51966cebe7e5973476648f5ac62220fbe4aadc79cf25be4a
          • Opcode Fuzzy Hash: 6d1b6d8ad8f07414373cc46451414fc3f2136a022189f684c243e50fc0769094
          • Instruction Fuzzy Hash: 84222EB2B20F5086EF54CBB99C617AA2662A756BF4F109725EE3D9B7D4CE3CD0118300
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dab316e74fa5289dac492b6b6effd709150db61824f79a35152a7c5b49cb63ca
          • Instruction ID: 893717ca45dcb858e33f0e551767901cb2a206bf058f99bfebcd114e130c5fa5
          • Opcode Fuzzy Hash: dab316e74fa5289dac492b6b6effd709150db61824f79a35152a7c5b49cb63ca
          • Instruction Fuzzy Hash: ADE1C172F14F51C9EB14CBBA98512AD37B1AB4A7B8F104725EE3D9BBD9CE28D1508310
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d9e1ccd83fb876328e5be36c3d26ce0516d520dd1450e24cb4b7ca813ba4a89f
          • Instruction ID: 2259183abcf3054d32e43fc242d5a9a8f1c10f5e94b523b4ee260f858fa8814c
          • Opcode Fuzzy Hash: d9e1ccd83fb876328e5be36c3d26ce0516d520dd1450e24cb4b7ca813ba4a89f
          • Instruction Fuzzy Hash: FCD13EB2B24E5186EB18CF795C21BA62A62D756BF4B20A725ED3DDB7D4CE3CD5108300
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID: free
          • String ID:
          • API String ID: 1294909896-0
          • Opcode ID: 939e44a9546b2dea13f7735b6e46ee2b59ef737ec35c6198e66b8a24a98dbc55
          • Instruction ID: 1071a576cba050e863ce33d04b54807e790e09a5ccec6e8a7f6c4520666a4658
          • Opcode Fuzzy Hash: 939e44a9546b2dea13f7735b6e46ee2b59ef737ec35c6198e66b8a24a98dbc55
          • Instruction Fuzzy Hash: 47C13832F25A51C7FF18CBB5985117E27B2AB89764F604235DA2EDBBD4DE2CD4428B00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID: free
          • String ID:
          • API String ID: 1294909896-0
          • Opcode ID: c0dce512570cca7e4e860aae9860db8f32a2c5afb9540998f5dcff44c2b32fd0
          • Instruction ID: 74b4c2dea51bf155a7836c6d1a03625603664e70b2345e8df7ccee6563afa275
          • Opcode Fuzzy Hash: c0dce512570cca7e4e860aae9860db8f32a2c5afb9540998f5dcff44c2b32fd0
          • Instruction Fuzzy Hash: 74913972F28D6187E758C67A985226A26629B897B5F148335ED3ECBBD4CE2CD8018740
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 01971fc9c910d40765ece829d259352d0a8221d2c1b0b18a719987a781caaf87
          • Instruction ID: b78e8341c51b2f9511ff41334ade2d3147cbc7c8b01bb08af8736b59f9051301
          • Opcode Fuzzy Hash: 01971fc9c910d40765ece829d259352d0a8221d2c1b0b18a719987a781caaf87
          • Instruction Fuzzy Hash: 1E815B72718A8186EA44C679A85156A67A2DBDA7F0F50C335EE7EDF7D8DE3CD0018700
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d93a2096766eae84881d122a5ce17ad27e4b4bf90b20fa71683d0e87c478b8be
          • Instruction ID: 640df1fdf66e8e351fd0995d7dfd662ff3790fec83465b2748360bd624e2384c
          • Opcode Fuzzy Hash: d93a2096766eae84881d122a5ce17ad27e4b4bf90b20fa71683d0e87c478b8be
          • Instruction Fuzzy Hash: 62713663B14A91C7FB148BB698513B92AA2E71A7F5F109335EE3E8B7D5CD2CD5418300
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 201f44f6f6d04e56d651f72a5f9e31a6f23a30869d87437667d28997985bec5b
          • Instruction ID: 49a585ac927983e74d6dee84a13af2457063965adf6f7e2c1f53db4cde4560d3
          • Opcode Fuzzy Hash: 201f44f6f6d04e56d651f72a5f9e31a6f23a30869d87437667d28997985bec5b
          • Instruction Fuzzy Hash: D0712F32B39D5582E754CB3AA851B2776A2A7D5BA1F109335ED6ECBBD4CE3CD8018700
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fd128c612d5c08fe1fb120a982284aa4d101e8b19627c461be1d9eda26ff3d11
          • Instruction ID: 94b8a1ba565a2520bd27f68c418c17eedbd7788661842eb332100af6cd0c125a
          • Opcode Fuzzy Hash: fd128c612d5c08fe1fb120a982284aa4d101e8b19627c461be1d9eda26ff3d11
          • Instruction Fuzzy Hash: E761A872A18F5182EB108B79E85162A7BA1F7867B4F505721EABD8B7E8DF3CD4408700
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5abc14fdc8d0c46988c44e531ba42b8c7faa5b0317ab1a31f89f96c3bc02b2fd
          • Instruction ID: 8d4be3114eae700741f869e1a57af16d6668f8ee00293c3875287fbeef4eace9
          • Opcode Fuzzy Hash: 5abc14fdc8d0c46988c44e531ba42b8c7faa5b0317ab1a31f89f96c3bc02b2fd
          • Instruction Fuzzy Hash: 27614962F10F54C8FF14DABAD4A13AA2771AB59BB4F109726DE3D5B7D8DE28C0918300
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 914a90bc30866eafb57e86a3227da838d87067056f4f751910ba283932414035
          • Instruction ID: 4f4b3795ac9fbf12f28557fa2533eedde33f3708db37fbdcc88b6fa4f806d31c
          • Opcode Fuzzy Hash: 914a90bc30866eafb57e86a3227da838d87067056f4f751910ba283932414035
          • Instruction Fuzzy Hash: 0D510D76B28F5082DB44CB6AE85152A77B2E7DABE0F145235E95DDBBA4CE2CD4018B00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5490750b97ab2916fd0956311d7d5d4343643a6e68e8e4c4bec7e72c20504d18
          • Instruction ID: b806473792c36f39fab79eb94b2fbbdb7ba9bc288e381ff20aa4d06f0c55df91
          • Opcode Fuzzy Hash: 5490750b97ab2916fd0956311d7d5d4343643a6e68e8e4c4bec7e72c20504d18
          • Instruction Fuzzy Hash: A651E432B28D6187D25896789C1127666B2DB86730FA44735F67ECFBE4CE7CD8008B04
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6bb0e7c39fa2d1bff75553abd23c58eb06594b1aa90817c6ace9224ae858f7dc
          • Instruction ID: a9352ca1155311acd143ebf1f77c19dfdddf118f97ce574add2aab5950555058
          • Opcode Fuzzy Hash: 6bb0e7c39fa2d1bff75553abd23c58eb06594b1aa90817c6ace9224ae858f7dc
          • Instruction Fuzzy Hash: F751A7B7A14F94C3EE00CB6AA4613AA6765E746BF1F205325EE7E6B7D4DE2CD4018600
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 25b93aabc8f17dba9367218e0902c9ae1635fd4bdcbd885e767d0ef09509f9a3
          • Instruction ID: 4a3b993c041f3de3087038eda0cba280a3a4e3ecb7cbcf67f6c1788e7ef293f5
          • Opcode Fuzzy Hash: 25b93aabc8f17dba9367218e0902c9ae1635fd4bdcbd885e767d0ef09509f9a3
          • Instruction Fuzzy Hash: 0851E932B28E90C2DB50DB26E45175AA7B1EBCA794F105235EA9DCBF98CE3DD4018F00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 41b865182212062200e58a14f55851103bb5f4ac6215e4507b410943ec29b0fd
          • Instruction ID: 4c89840ec860fd8fc9af347c51f8a6622f1f0a39b20d3a25b78bf1f136641cdd
          • Opcode Fuzzy Hash: 41b865182212062200e58a14f55851103bb5f4ac6215e4507b410943ec29b0fd
          • Instruction Fuzzy Hash: EE51EB33B29F5182DB60C71AF451B2A67A1E7D9BE1F105231ED5E8BFA4CE2CD5418B00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 78e35f373a2dc23ccf9bbbabd0ae2063f1257acc4a0ba5c0e8353693e6aea1b7
          • Instruction ID: 20de5f979d04da0343cf33f58bdea6007c69078f46c1bf5661b3366cc73804d0
          • Opcode Fuzzy Hash: 78e35f373a2dc23ccf9bbbabd0ae2063f1257acc4a0ba5c0e8353693e6aea1b7
          • Instruction Fuzzy Hash: 39514C72B29F9182EE14C679A85026A6662DB9A7E0F50C331EA6DDF7D8CE2CD0018704
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7ced36342bd6018fa1bd12d8c557f6cc74d9c3b78d28b75916ee81cada8f4d88
          • Instruction ID: 392860785d7c15234b6a1d1d48aae0969165157aed5563d1e7623dfe0aeab10d
          • Opcode Fuzzy Hash: 7ced36342bd6018fa1bd12d8c557f6cc74d9c3b78d28b75916ee81cada8f4d88
          • Instruction Fuzzy Hash: 02510A36B2CE5182EB14CA39E85176A2762E7867B5F149335FA7ECBBD8CE2DD4014700
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 31fa901062d33301a9723b6844fb4856b7587dd8d1eaafd11f60bdca63199bb7
          • Instruction ID: a3345deb5a189aff28e1f16bb4f6976b6eb9246d0a18f20fd04d3886db936c30
          • Opcode Fuzzy Hash: 31fa901062d33301a9723b6844fb4856b7587dd8d1eaafd11f60bdca63199bb7
          • Instruction Fuzzy Hash: 36519232B19E51C2DA50DB25E85132E77B4EBCABA1F500231EA8ECB7A5CE2CD841C701
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dbd56fa87474e985b56ff6bd40b240c993b3b23706c46d6bdd1c5527a2c3eb6b
          • Instruction ID: 27217d9ae910b5617b03cebc242610425dce2f728f1a667ecc4476f752470d67
          • Opcode Fuzzy Hash: dbd56fa87474e985b56ff6bd40b240c993b3b23706c46d6bdd1c5527a2c3eb6b
          • Instruction Fuzzy Hash: B0514E32B18F4182DA548B39E85136A77A1E7C97B0F508726E6BE8B7E8DF3CD4518704
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c41213fa36da5b48168a1e6d5fe76ea21fd63864a92ae5c03fcae81925d89987
          • Instruction ID: b35aeb3606a52f51e528a5a6068c5558f61ca476eab6154f29792b5a00fcb5e0
          • Opcode Fuzzy Hash: c41213fa36da5b48168a1e6d5fe76ea21fd63864a92ae5c03fcae81925d89987
          • Instruction Fuzzy Hash: 9951FC63718A9086DB14C779A82126B6BA2D7977B0F148735FBBD8B7D9CD2DC4008B00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d71b1373ba1e802e9c0cf35db5ba50a78ba3d3b6dbd345608121c2dc46d188c1
          • Instruction ID: 49f4e2246206110cb46482678d6cf3762c2efb6ebcb7ae21e9c840595dc9ad31
          • Opcode Fuzzy Hash: d71b1373ba1e802e9c0cf35db5ba50a78ba3d3b6dbd345608121c2dc46d188c1
          • Instruction Fuzzy Hash: 03416BB3B28D4081EB58C778AC212777BA29B967B1F249335EA7ACB7D5CE1DC0404740
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4db4b8dc34e4d39c9ac234305d8665cc966e7d4d7145751fd7b07199ef313960
          • Instruction ID: cf33513d209ae83e60da38c370f49143dacf8ad3439c8cafd98e40a4bf23ca9d
          • Opcode Fuzzy Hash: 4db4b8dc34e4d39c9ac234305d8665cc966e7d4d7145751fd7b07199ef313960
          • Instruction Fuzzy Hash: 0E41D722B58A51C2DB14C725D99133A77B1ABEA7A1F548335EA6ECB7E4CE2CD4018700
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9c9886b557990912b0d89a5c198d7b56921d4cb125dd1933c7c73d3724e806c0
          • Instruction ID: c86320c3e21861c1af10568d2dfeab8927339f67b2f381159622abd082dcae6d
          • Opcode Fuzzy Hash: 9c9886b557990912b0d89a5c198d7b56921d4cb125dd1933c7c73d3724e806c0
          • Instruction Fuzzy Hash: E4418F63738A5182EB648B3BA82272A6AB1D7427F4F105735ED7ACBFD5CD1DE0414B00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4324adf97f3402506e0e30f12422ca5792a18be4995fef3a8b795dfe9314b5e2
          • Instruction ID: 800c72a698832368e9a499008d8c4452f45df50b2d8d2e84851e0fefd231b23d
          • Opcode Fuzzy Hash: 4324adf97f3402506e0e30f12422ca5792a18be4995fef3a8b795dfe9314b5e2
          • Instruction Fuzzy Hash: 2D412433729E4186DA44CA3DA85127E77B1A78A730F64933AEA7ECB7D4CE2DD0018700
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6a48d4902eb25708f0a142a32f4c57a45bd762939ccacd012fceb0af4225bc36
          • Instruction ID: 488871bcda00c87098955dfae3839e50a4e74953d2eeced583da2ef1f2bc9bc9
          • Opcode Fuzzy Hash: 6a48d4902eb25708f0a142a32f4c57a45bd762939ccacd012fceb0af4225bc36
          • Instruction Fuzzy Hash: 72416F72F38D91826654CBBBAC52E67695257A67F87109B25ED3ADFBE4CE3CE0004300
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 913dc2f2094a2ef6804a65b91a15564e657f86fd978184824815659326a4dba3
          • Instruction ID: 5e052af2ff37d1d6c75c73ab12bdd6c4d7dc231927558e2ffbd30d75ac7a0f84
          • Opcode Fuzzy Hash: 913dc2f2094a2ef6804a65b91a15564e657f86fd978184824815659326a4dba3
          • Instruction Fuzzy Hash: F441F677B28D51C7E7588728DC5213A22729BC9761B648339E66ECF7E5CE3CD8028B01
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4ff349c07daa467edf2ec47f87510373623e86cc5eb2d5d57195e604873a2c99
          • Instruction ID: a577017c3ddb1837527bf1658af09c68ad25c4174da14a7d0f2bcfca15227a9e
          • Opcode Fuzzy Hash: 4ff349c07daa467edf2ec47f87510373623e86cc5eb2d5d57195e604873a2c99
          • Instruction Fuzzy Hash: 984127B6B18E8082D7148779985126A3A61E79ABB4F145325FE7E9B7E5CF2CC410C700
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 112817fc274805bf5090e48346b1a99fe352ddca5411a3ae31fa58c082f764d4
          • Instruction ID: 5ef2cc9875ce3e68a724ba5a32ff0b9e17e4398ed4581377e0b614805b142025
          • Opcode Fuzzy Hash: 112817fc274805bf5090e48346b1a99fe352ddca5411a3ae31fa58c082f764d4
          • Instruction Fuzzy Hash: EF315773F34E10CAF7489BBADC8217E26B2AB59710F148235DA2DDB794DE38D0618320
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e4360438753c92bfbf198194a8da78cd126ba5765691bf4f71cfb58f5f96c1ae
          • Instruction ID: 17cf1ad44ca9bf4910f711bbc280dc8b67d2709c6ea4f86f3e37a9b5138c032c
          • Opcode Fuzzy Hash: e4360438753c92bfbf198194a8da78cd126ba5765691bf4f71cfb58f5f96c1ae
          • Instruction Fuzzy Hash: BD312832B26D6043975CCA3A9C5222B66635BD53B0B54933AF93ACBBD8CE2CD5024704
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID: Value
          • String ID:
          • API String ID: 3702945584-0
          • Opcode ID: 1a5ecb8c25196eba6d57b83327677abb990c5c844705fda20a9656d7f8895d88
          • Instruction ID: e9604b3f9e22990c7e347fe0ae493203f7a43c044069ca5abbd66575ac23009c
          • Opcode Fuzzy Hash: 1a5ecb8c25196eba6d57b83327677abb990c5c844705fda20a9656d7f8895d88
          • Instruction Fuzzy Hash: 64311732B38E0182EA58CB3AED5113A72F1A785350F504639E65ECBBE4CE2DC4018B00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: baf499bde155881364829d4d41de66891fa594a8140cacf784a685c20619e89c
          • Instruction ID: a6c2eed1b954ac860468618b428a99d82eceba34da0b8dbdaf024acf841a81ff
          • Opcode Fuzzy Hash: baf499bde155881364829d4d41de66891fa594a8140cacf784a685c20619e89c
          • Instruction Fuzzy Hash: 6E31B272B6895183E74C8A39DC6223A76619B97771F24873DE67BCB7E0CE1CC4014708
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c5363a9de25a010a3d626757aa8728d562387b0913ee9c0bd2bdc58f44a02355
          • Instruction ID: cc378b50a92d7a98078eb8c62f9f5c30d3eb290fafd452c2f78f7bbf0c774e63
          • Opcode Fuzzy Hash: c5363a9de25a010a3d626757aa8728d562387b0913ee9c0bd2bdc58f44a02355
          • Instruction Fuzzy Hash: 7931F8B2714E90C2FD54C776A9227A75752AB46BF4E10A332FE7E5B7D9CE2CD0015600
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 64c7c7d9d2fe2fdd3a54f242908af4f48b9254c3d2831139dd03113548b2e03a
          • Instruction ID: 8f52c1359434e4e4bcaf4d7af75812e53988b44ed2b9418379e6d9cf54a889ad
          • Opcode Fuzzy Hash: 64c7c7d9d2fe2fdd3a54f242908af4f48b9254c3d2831139dd03113548b2e03a
          • Instruction Fuzzy Hash: 26213EB3B398218292688739A801867259297A67B47546739E97ECFBD4CE2CD4524F04
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9ab32c668e71f8e363e22874e7fbfa9a1772f24b7d6b14cd9c2cf796a7f09244
          • Instruction ID: 136b628c9f7d1fa63d00dfcaa755e3b4ef6320cfbf693b65809700d862b3fe1c
          • Opcode Fuzzy Hash: 9ab32c668e71f8e363e22874e7fbfa9a1772f24b7d6b14cd9c2cf796a7f09244
          • Instruction Fuzzy Hash: 50312DB1729F4081EE50DA79986126A6661EB85BF0F10A325FE7E4B7E4CF2DD0108600
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 22e4e3e16e195032f42afe1707115552a54746ec1026e54ed335814262f420ca
          • Instruction ID: ec4cb46c290b050c39f9a61224b0bcccea8481472c07c3183af1c0f7bbdcd988
          • Opcode Fuzzy Hash: 22e4e3e16e195032f42afe1707115552a54746ec1026e54ed335814262f420ca
          • Instruction Fuzzy Hash: D0217E32F38A5182E724CB39E84582A7BB2979B7A5F448335D94DCBAE5CE2CD1058B04
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e58192846ef1a76b528f5e94a050e0c0a35c40baa889fb5d59d3f0287f8de57a
          • Instruction ID: d77f5866553d82c28caa4de54f61fe31d3d0418228d7370b434587766c99a5c4
          • Opcode Fuzzy Hash: e58192846ef1a76b528f5e94a050e0c0a35c40baa889fb5d59d3f0287f8de57a
          • Instruction Fuzzy Hash: AC213673B6884283C7188F38B81256A2BA2A7887A4F445724EA1ECFBE8CD3CD5104A00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 59ed5f5d2754730b0756c3707a50136efd2a54078264712cf85a947caf049a92
          • Instruction ID: dc3513a3809faea23579758c6f24057beaa39634e8736dd51e12dfda19907d4a
          • Opcode Fuzzy Hash: 59ed5f5d2754730b0756c3707a50136efd2a54078264712cf85a947caf049a92
          • Instruction Fuzzy Hash: C021DA77B289118BD358CB7AA8450667672D7C9361B549339EA1ACB7D8CE3CE5019F00
          Memory Dump Source
          • Source File: 00000002.00000002.1614887424.00007FF66CB31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66CB30000, based on PE: true
          • Associated: 00000002.00000002.1614859264.00007FF66CB30000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615114616.00007FF66CD5F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615136598.00007FF66CD6E000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB6000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CDB9000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE0F000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615174624.00007FF66CE4A000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000002.00000002.1615313210.00007FF66CE4E000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ff66cb30000_EMfRi659Ir.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f3d84d55f720809a0a3218907a6e70eab9e61edc168425385dcba0c2de1c65e1
          • Instruction ID: 7cb5698979ffe68297bd3d27ff63225b2635d3512b148086677c716a44ac2f66
          • Opcode Fuzzy Hash: f3d84d55f720809a0a3218907a6e70eab9e61edc168425385dcba0c2de1c65e1
          • Instruction Fuzzy Hash: 39112273F6587097236C8ABA58116AA25626BC8771364C328DD3E9BBD8CE349D028684