Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
zapytanie 2025.exe

Overview

General Information

Sample name:zapytanie 2025.exe
Analysis ID:1589896
MD5:15fe2ac3357c534e280cc8d9de964aed
SHA1:af1e4824a0a4954c69fe91b6ad54e66a4f3a7511
SHA256:441c8c73ea3f781774e9ee684d4d51127ec736c9fb6423fad0aea20695abd3c3
Tags:exeuser-julianmckein
Infos:

Detection

AsyncRAT, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected AsyncRAT
Yara detected PureLog Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • zapytanie 2025.exe (PID: 1012 cmdline: "C:\Users\user\Desktop\zapytanie 2025.exe" MD5: 15FE2AC3357C534E280CC8D9DE964AED)
    • zapytanie 2025.exe (PID: 6508 cmdline: "C:\Users\user\Desktop\zapytanie 2025.exe" MD5: 15FE2AC3357C534E280CC8D9DE964AED)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AsyncRATAsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Malware Configuration

Threatname: AsyncRAT

{"Server": "quin.ydns.eu,185.38.142.240", "Port": "1962,1940", "Version": "0.5.8", "MutexName": "dLOEY8XRq1oB", "Autorun": "false", "Group": "null"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2053805650.0000000003809000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
    00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
      00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmpINDICATOR_SUSPICIOUS_EXE_ASEP_REG_ReverseDetects file containing reversed ASEP Autorun registry keysditekSHen
      • 0x97c5:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
      00000000.00000002.2056404178.0000000006A50000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
        00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
          Click to see the 9 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.zapytanie 2025.exe.38262a8.7.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            0.2.zapytanie 2025.exe.38262a8.7.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              0.2.zapytanie 2025.exe.28718d0.0.raw.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                0.2.zapytanie 2025.exe.28718d0.0.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                  0.2.zapytanie 2025.exe.28718d0.0.raw.unpackWindows_Trojan_Asyncrat_11a11ba1unknownunknown
                  • 0x9933:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn "
                  • 0x153f7:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn "
                  • 0xac38:$a2: Stub.exe
                  • 0xacc8:$a2: Stub.exe
                  • 0x16714:$a2: Stub.exe
                  • 0x167a4:$a2: Stub.exe
                  • 0x66f6:$a3: get_ActivatePong
                  • 0x121ba:$a3: get_ActivatePong
                  • 0x9b4b:$a4: vmware
                  • 0x1560f:$a4: vmware
                  • 0x99c3:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
                  • 0x15487:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
                  • 0x7448:$a6: get_SslClient
                  • 0x12f0c:$a6: get_SslClient
                  Click to see the 26 entries

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-13T10:03:23.576128+010020355951Domain Observed Used for C2 Detected185.38.142.2401940192.168.2.549724TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-13T10:03:23.576128+010020356071Domain Observed Used for C2 Detected185.38.142.2401940192.168.2.549724TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-13T10:03:23.576128+010028424781Malware Command and Control Activity Detected185.38.142.2401940192.168.2.549724TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Found malware configuration
                  Source: 00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: AsyncRAT {"Server": "quin.ydns.eu,185.38.142.240", "Port": "1962,1940", "Version": "0.5.8", "MutexName": "dLOEY8XRq1oB", "Autorun": "false", "Group": "null"}
                  Multi AV Scanner detection for submitted file
                  Source: zapytanie 2025.exeVirustotal: Detection: 44%Perma Link
                  Source: zapytanie 2025.exeReversingLabs: Detection: 34%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for sample
                  Source: zapytanie 2025.exeJoe Sandbox ML: detected
                  Source: zapytanie 2025.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: zapytanie 2025.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: qqog.pdbSHA256 source: zapytanie 2025.exe
                  Source: Binary string: qqog.pdb source: zapytanie 2025.exe

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 185.38.142.240:1940 -> 192.168.2.5:49724
                  Source: Network trafficSuricata IDS: 2030673 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 185.38.142.240:1940 -> 192.168.2.5:49724
                  Source: Network trafficSuricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 185.38.142.240:1940 -> 192.168.2.5:49724
                  Source: Network trafficSuricata IDS: 2035607 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 185.38.142.240:1940 -> 192.168.2.5:49724
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: quin.ydns.eu
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPE
                  Source: global trafficTCP traffic: 192.168.2.5:49724 -> 185.38.142.240:1940
                  Source: Joe Sandbox ViewASN Name: NETSOLUTIONSNL NETSOLUTIONSNL
                  Source: unknownDNS traffic detected: query: quin.ydns.eu replaycode: Name error (3)
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.38.142.240
                  Source: global trafficDNS traffic detected: DNS query: quin.ydns.eu
                  Source: zapytanie 2025.exe, 00000003.00000002.3296784648.000000000105A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                  Source: zapytanie 2025.exe, 00000003.00000002.3296784648.00000000010B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabao
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: zapytanie 2025.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Yara detected AsyncRAT
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 1012, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 6508, type: MEMORYSTR

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
                  Source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
                  Source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
                  Source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: Process Memory Space: zapytanie 2025.exe PID: 1012, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: Process Memory Space: zapytanie 2025.exe PID: 6508, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_00EEE0B40_2_00EEE0B4
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E9DAD80_2_06E9DAD8
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E986080_2_06E98608
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E9A5500_2_06E9A550
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E992A00_2_06E992A0
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E992B00_2_06E992B0
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E9F1580_2_06E9F158
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E98E780_2_06E98E78
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E98A400_2_06E98A40
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_06E90B980_2_06E90B98
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_08BBB4680_2_08BBB468
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_08BBED580_2_08BBED58
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_08BB00060_2_08BB0006
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_08BB00400_2_08BB0040
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_08BB56E80_2_08BB56E8
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_08BB56D90_2_08BB56D9
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 3_2_02BC68683_2_02BC6868
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 3_2_02BC5F983_2_02BC5F98
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 3_2_02BCA6483_2_02BCA648
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 3_2_02BC5C503_2_02BC5C50
                  Source: zapytanie 2025.exe, 00000000.00000002.2052998629.0000000002962000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs zapytanie 2025.exe
                  Source: zapytanie 2025.exe, 00000000.00000002.2057146544.0000000008B20000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs zapytanie 2025.exe
                  Source: zapytanie 2025.exe, 00000000.00000002.2053805650.0000000003809000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs zapytanie 2025.exe
                  Source: zapytanie 2025.exe, 00000000.00000002.2052078527.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs zapytanie 2025.exe
                  Source: zapytanie 2025.exe, 00000000.00000000.2042750711.000000000050E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameqqog.exe0 vs zapytanie 2025.exe
                  Source: zapytanie 2025.exe, 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStub.exe" vs zapytanie 2025.exe
                  Source: zapytanie 2025.exe, 00000000.00000002.2053805650.0000000003846000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs zapytanie 2025.exe
                  Source: zapytanie 2025.exe, 00000000.00000002.2056404178.0000000006A50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs zapytanie 2025.exe
                  Source: zapytanie 2025.exe, 00000003.00000002.3296481390.000000000040E000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStub.exe" vs zapytanie 2025.exe
                  Source: zapytanie 2025.exeBinary or memory string: OriginalFilenameqqog.exe0 vs zapytanie 2025.exe
                  Source: zapytanie 2025.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
                  Source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
                  Source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
                  Source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
                  Source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
                  Source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: Process Memory Space: zapytanie 2025.exe PID: 1012, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: Process Memory Space: zapytanie 2025.exe PID: 6508, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: zapytanie 2025.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engineClassification label: mal100.troj.evad.winEXE@3/1@3/1
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\zapytanie 2025.exe.logJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMutant created: NULL
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMutant created: \Sessions\1\BaseNamedObjects\dLOEY8XRq1oB
                  Source: zapytanie 2025.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: zapytanie 2025.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: zapytanie 2025.exeVirustotal: Detection: 44%
                  Source: zapytanie 2025.exeReversingLabs: Detection: 34%
                  Source: unknownProcess created: C:\Users\user\Desktop\zapytanie 2025.exe "C:\Users\user\Desktop\zapytanie 2025.exe"
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess created: C:\Users\user\Desktop\zapytanie 2025.exe "C:\Users\user\Desktop\zapytanie 2025.exe"
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess created: C:\Users\user\Desktop\zapytanie 2025.exe "C:\Users\user\Desktop\zapytanie 2025.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: zapytanie 2025.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: zapytanie 2025.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: zapytanie 2025.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: qqog.pdbSHA256 source: zapytanie 2025.exe
                  Source: Binary string: qqog.pdb source: zapytanie 2025.exe
                  Source: zapytanie 2025.exeStatic PE information: 0xF2C954B2 [Wed Jan 28 10:51:30 2099 UTC]
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeCode function: 0_2_00EEDA70 push eax; retf 0_2_00EEDA71
                  Source: zapytanie 2025.exeStatic PE information: section name: .text entropy: 7.64947126519897

                  Boot Survival

                  barindex
                  Yara detected AsyncRAT
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 1012, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 6508, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 1012, type: MEMORYSTR
                  Yara detected AsyncRAT
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 1012, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 6508, type: MEMORYSTR
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: zapytanie 2025.exe, 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, zapytanie 2025.exe, 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: E80000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: 2800000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: 4800000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: 9410000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: A410000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: A640000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: B640000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: 2BC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: 2D70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: 4D70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeWindow / User API: threadDelayed 1137Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeWindow / User API: threadDelayed 8713Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exe TID: 3208Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exe TID: 904Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exe TID: 1628Thread sleep count: 1137 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exe TID: 1628Thread sleep count: 8713 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: zapytanie 2025.exe, 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                  Source: zapytanie 2025.exe, 00000003.00000002.3296784648.000000000105A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllia
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeMemory written: C:\Users\user\Desktop\zapytanie 2025.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeProcess created: C:\Users\user\Desktop\zapytanie 2025.exe "C:\Users\user\Desktop\zapytanie 2025.exe"Jump to behavior
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DDF000.00000004.00000800.00020000.00000000.sdmp, zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DCF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\]q
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DDF000.00000004.00000800.00020000.00000000.sdmp, zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DCF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DDB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\]q%
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DCF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe]qX
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DCF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe]q8
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DFF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe]qDG
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DFF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe]q$I
                  Source: zapytanie 2025.exe, 00000003.00000002.3298106086.0000000002DDB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe]q
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Users\user\Desktop\zapytanie 2025.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Users\user\Desktop\zapytanie 2025.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Lowering of HIPS / PFW / Operating System Security Settings

                  barindex
                  Yara detected AsyncRAT
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28718d0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.zapytanie 2025.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.28663f0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 1012, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: zapytanie 2025.exe PID: 6508, type: MEMORYSTR
                  Source: zapytanie 2025.exe, 00000003.00000002.3296784648.00000000010B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: C:\Users\user\Desktop\zapytanie 2025.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected PureLog Stealer
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.38262a8.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.38262a8.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.6a50000.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.2c88650.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.6a50000.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.2c88650.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.2a66918.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.29adf80.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.2053805650.0000000003809000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2056404178.0000000006A50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2052998629.0000000002962000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                  Remote Access Functionality

                  barindex
                  Yara detected PureLog Stealer
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.38262a8.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.38262a8.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.6a50000.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.2c88650.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.6a50000.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.2c88650.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.2a66918.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.zapytanie 2025.exe.29adf80.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.2053805650.0000000003809000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2056404178.0000000006A50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2052998629.0000000002962000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  Windows Management Instrumentation                  		1
                  Scheduled Task/Job                  		112
                  Process Injection                  		1
                  Masquerading                  		OS Credential Dumping121
                  Security Software Discovery                  		Remote Services1
                  Archive Collected Data                  		1
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts1
                  Scheduled Task/Job                  		1
                  DLL Side-Loading                  		1
                  Scheduled Task/Job                  		1
                  Disable or Modify Tools                  		LSASS Memory1
                  Process Discovery                  		Remote Desktop ProtocolData from Removable Media1
                  Non-Standard Port                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                  DLL Side-Loading                  		31
                  Virtualization/Sandbox Evasion                  		Security Account Manager31
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Non-Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook112
                  Process Injection                  		NTDS1
                  Application Window Discovery                  		Distributed Component Object ModelInput Capture11
                  Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                  Obfuscated Files or Information                  		LSA Secrets13
                  System Information Discovery                  		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                  Software Packing                  		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Timestomp                  		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  DLL Side-Loading                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  zapytanie 2025.exe44%VirustotalBrowse
                  zapytanie 2025.exe34%ReversingLabs
                  zapytanie 2025.exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  quin.ydns.eu0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  quin.ydns.eu
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    quin.ydns.eutrue
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namezapytanie 2025.exe, 00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://tempuri.org/DataSet1.xsdzapytanie 2025.exefalse
                        		high

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        185.38.142.240
                        		unknownPortugal
                        		47674NETSOLUTIONSNLtrue

                        General Information

                        Joe Sandbox version:42.0.0 Malachite
                        Analysis ID:1589896
                        Start date and time:2025-01-13 10:02:10 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 4m 55s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:6
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:zapytanie 2025.exe
                        Detection:MAL
                        Classification:mal100.troj.evad.winEXE@3/1@3/1
                        EGA Information:
                        • Successful, ratio: 50%
                        HCA Information:
                        • Successful, ratio: 99%
                        • Number of executed functions: 103
                        • Number of non-executed functions: 12
                        Cookbook Comments:
                        • Found application associated with file extension: .exe

                        Warnings

                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 184.28.90.27, 172.202.163.200, 13.107.246.45
                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target zapytanie 2025.exe, PID 6508 because it is empty
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        04:03:01API Interceptor1x Sleep call for process: zapytanie 2025.exe modified

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        185.38.142.240PRESUPUEST.exeGet hashmaliciousAsyncRATBrowse
                          Aviso de transferencia.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse
                            rUAE_LPO.com.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse

                              Domains

                              No context

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              NETSOLUTIONSNL46VHQmFDxC.exeGet hashmaliciousRedLineBrowse
                              • 185.38.142.167
                              ds1bfe33xg.exeGet hashmaliciousRedLineBrowse
                              • 185.38.142.167
                              PRESUPUEST.exeGet hashmaliciousAsyncRATBrowse
                              • 185.38.142.240
                              Aviso de transferencia.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse
                              • 185.38.142.240
                              rUAE_LPO.com.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse
                              • 185.38.142.240
                              A9BripDhRY.lnkGet hashmaliciousUnknownBrowse
                              • 185.38.142.128
                              93.123.85.253-bot.armv4l-2024-08-28T17_49_11.elfGet hashmaliciousUnknownBrowse
                              • 188.93.233.79
                              a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36_dump.exeGet hashmaliciousRedLineBrowse
                              • 185.38.142.10
                              b3u71vBG0u.exeGet hashmaliciousRedLineBrowse
                              • 185.38.142.10
                              2MbHBiqXH2.rtfGet hashmaliciousRedLineBrowse
                              • 185.38.142.10

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\zapytanie 2025.exe.log

                              Download File
                              Process:C:\Users\user\Desktop\zapytanie 2025.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1216
                              Entropy (8bit):5.34331486778365
                              Encrypted:false
                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                              Malicious:true
                              Reputation:high, very likely benign file
                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):7.641338470740373
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                              • Win32 Executable (generic) a (10002005/4) 49.78%
                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                              • Generic Win/DOS Executable (2004/3) 0.01%
                              • DOS Executable Generic (2002/1) 0.01%
                              File name:zapytanie 2025.exe
                              File size:702'976 bytes
                              MD5:15fe2ac3357c534e280cc8d9de964aed
                              SHA1:af1e4824a0a4954c69fe91b6ad54e66a4f3a7511
                              SHA256:441c8c73ea3f781774e9ee684d4d51127ec736c9fb6423fad0aea20695abd3c3
                              SHA512:c32bfa3d04b1e67b2019afd9ee25b136e1880279f32a17a30128d2e574eb19578996167015cb620b91e3380186bc20b997045db426d4420ea4e1977b730acbdc
                              SSDEEP:12288:r8dStNKcItS4StNKcItSfl12tZ9uLUxL7HNHJTs2aInH5am38Dj11WWh2fab8fXk:r8yNK1t4NK1tOqLBCIHom383WxfaoXpe
                              TLSH:EBE4F1203A9ADB03C0A66FF41521E2B457B45E8DAA21D3079FDA3DEF7C77B042944A53
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T................0.................. ........@.. ....................... ............@................................

                              File Icon

                              Icon Hash:00928e8e8686b000

                              Static PE Info

                              General

                              Entrypoint:0x4acfae
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Time Stamp:0xF2C954B2 [Wed Jan 28 10:51:30 2099 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                              Entrypoint Preview

                              Instruction
                              jmp dword ptr [00402000h]
                              call far 0000h : 003E9999h
                              aas
                              int CCh
                              dec esp
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0xacf5b0x4f.text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xae0000x594.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xb00000xc.reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG0xaaaa80x70.text
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x20000xaafc40xab0005f546096487be6875767caa1600203c0False0.8826183296783626data7.64947126519897IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rsrc0xae0000x5940x6009ad58527891a2a6016ce6039f19eae9dFalse0.4134114583333333data4.032472233215396IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0xb00000xc0x200cdd4228ce5fef9938235403e72991139False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_VERSION0xae0900x304data0.4326424870466321
                              RT_MANIFEST0xae3a40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                              Imports

                              DLLImport
                              mscoree.dll_CorExeMain

                              Network Behavior

                              Suricata IDS Alerts

                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                              2025-01-13T10:03:23.576128+01002842478ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)1185.38.142.2401940192.168.2.549724TCP
                              2025-01-13T10:03:23.576128+01002030673ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)1185.38.142.2401940192.168.2.549724TCP
                              2025-01-13T10:03:23.576128+01002035595ET MALWARE Generic AsyncRAT Style SSL Cert1185.38.142.2401940192.168.2.549724TCP
                              2025-01-13T10:03:23.576128+01002035607ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)1185.38.142.2401940192.168.2.549724TCP

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Jan 13, 2025 10:03:22.889520884 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:22.894460917 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:22.894575119 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:22.907658100 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:22.912506104 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:23.552273989 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:23.552326918 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:23.552436113 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:23.571294069 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:23.576128006 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:24.257055998 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:24.297278881 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:24.481025934 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:24.487875938 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:24.487952948 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:24.494456053 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:25.977696896 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:26.031606913 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:26.095381975 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:26.140875101 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:37.126183033 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:37.131218910 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:37.131294966 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:37.136086941 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:37.574894905 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:37.625461102 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:37.705136061 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:37.707472086 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:37.712337017 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:37.712397099 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:37.717139959 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:49.782661915 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:49.787609100 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:49.787686110 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:49.792655945 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:50.382143021 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:50.437969923 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:50.509856939 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:50.522011042 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:50.526900053 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:50.526956081 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:50.531846046 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:55.993263006 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:56.047493935 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:03:56.121965885 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:03:56.172369957 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:02.438517094 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:02.443458080 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:02.443515062 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:02.448385954 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:02.732140064 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:02.781800032 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:02.862020969 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:02.863992929 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:02.868858099 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:02.868915081 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:02.873797894 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:15.094880104 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:15.099993944 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:15.100161076 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:15.105093002 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:15.396262884 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:15.438127995 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:15.526149035 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:15.527518988 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:15.532368898 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:15.532428026 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:15.537308931 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:26.603774071 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:26.661753893 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:26.734409094 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:26.782092094 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:27.835112095 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:27.840270042 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:27.840342999 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:27.845246077 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:28.340081930 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:28.391469955 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:28.472141027 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:28.473536968 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:28.478427887 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:28.478497982 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:28.483378887 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:40.438708067 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:40.443981886 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:40.444168091 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:40.449454069 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:41.025719881 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:41.078938961 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:41.158514023 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:41.160013914 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:41.165150881 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:41.165229082 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:41.170253038 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:53.095186949 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:53.100253105 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:53.100344896 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:53.105190039 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:53.388775110 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:53.438446999 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:53.519639015 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:53.521285057 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:53.526122093 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:53.526174068 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:53.531058073 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:55.999870062 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:56.047832966 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:04:56.129040956 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:04:56.172792912 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:05.755537987 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:05.760693073 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:05.760756016 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:05.765595913 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:06.061837912 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:06.110374928 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:06.191827059 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:06.196012020 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:06.200931072 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:06.200987101 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:06.205837965 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:08.360667944 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:08.365814924 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:08.365878105 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:08.370773077 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:08.661606073 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:08.704149961 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:08.894717932 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:08.898648977 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:08.903575897 CET194049724185.38.142.240192.168.2.5
                              Jan 13, 2025 10:05:08.904208899 CET497241940192.168.2.5185.38.142.240
                              Jan 13, 2025 10:05:08.909069061 CET194049724185.38.142.240192.168.2.5

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Jan 13, 2025 10:03:07.793204069 CET6199253192.168.2.51.1.1.1
                              Jan 13, 2025 10:03:07.807765961 CET53619921.1.1.1192.168.2.5
                              Jan 13, 2025 10:03:12.814002991 CET6331153192.168.2.51.1.1.1
                              Jan 13, 2025 10:03:12.833627939 CET53633111.1.1.1192.168.2.5
                              Jan 13, 2025 10:03:17.844820023 CET5976153192.168.2.51.1.1.1
                              Jan 13, 2025 10:03:17.870762110 CET53597611.1.1.1192.168.2.5

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Jan 13, 2025 10:03:07.793204069 CET192.168.2.51.1.1.10xbd9dStandard query (0)quin.ydns.euA (IP address)IN (0x0001)false
                              Jan 13, 2025 10:03:12.814002991 CET192.168.2.51.1.1.10x5f42Standard query (0)quin.ydns.euA (IP address)IN (0x0001)false
                              Jan 13, 2025 10:03:17.844820023 CET192.168.2.51.1.1.10x15ccStandard query (0)quin.ydns.euA (IP address)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Jan 13, 2025 10:03:07.807765961 CET1.1.1.1192.168.2.50xbd9dName error (3)quin.ydns.eunonenoneA (IP address)IN (0x0001)false
                              Jan 13, 2025 10:03:12.833627939 CET1.1.1.1192.168.2.50x5f42Name error (3)quin.ydns.eunonenoneA (IP address)IN (0x0001)false
                              Jan 13, 2025 10:03:17.870762110 CET1.1.1.1192.168.2.50x15ccName error (3)quin.ydns.eunonenoneA (IP address)IN (0x0001)false

                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:04:03:01
                              Start date:13/01/2025
                              Path:C:\Users\user\Desktop\zapytanie 2025.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\zapytanie 2025.exe"
                              Imagebase:0x460000
                              File size:702'976 bytes
                              MD5 hash:15FE2AC3357C534E280CC8D9DE964AED
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2053805650.0000000003809000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2056404178.0000000006A50000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Asyncrat_11a11ba1, Description: unknown, Source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000000.00000002.2052998629.0000000002801000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2052998629.0000000002962000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:3
                              Start time:04:03:01
                              Start date:13/01/2025
                              Path:C:\Users\user\Desktop\zapytanie 2025.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\zapytanie 2025.exe"
                              Imagebase:0xa30000
                              File size:702'976 bytes
                              MD5 hash:15FE2AC3357C534E280CC8D9DE964AED
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000003.00000002.3296481390.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000003.00000002.3298106086.0000000002D71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:low
                              Has exited:false

                              Disassembly

                              Reset < >

                                Execution Graph

                                Execution Coverage:10%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:193
                                Total number of Limit Nodes:12
                                execution_graph 34718 6e9d528 34719 6e9d6b3 34718->34719 34721 6e9d54e 34718->34721 34721->34719 34722 6e97b7c 34721->34722 34723 6e9d7a8 PostMessageW 34722->34723 34724 6e9d814 34723->34724 34724->34721 34725 ee4668 34726 ee467a 34725->34726 34727 ee4686 34726->34727 34729 ee4779 34726->34729 34730 ee479d 34729->34730 34734 ee4888 34730->34734 34738 ee4879 34730->34738 34736 ee48af 34734->34736 34735 ee498c 34735->34735 34736->34735 34742 ee4514 34736->34742 34740 ee48af 34738->34740 34739 ee498c 34739->34739 34740->34739 34741 ee4514 CreateActCtxA 34740->34741 34741->34739 34743 ee5918 CreateActCtxA 34742->34743 34745 ee59db 34743->34745 34943 eed4f8 34944 eed53e 34943->34944 34948 eed6d8 34944->34948 34951 eed6c7 34944->34951 34945 eed62b 34949 eed706 34948->34949 34954 eecde0 34948->34954 34949->34945 34952 eecde0 DuplicateHandle 34951->34952 34953 eed706 34952->34953 34953->34945 34955 eed740 DuplicateHandle 34954->34955 34956 eed7d6 34955->34956 34956->34949 34957 eeb178 34958 eeb187 34957->34958 34960 eeb261 34957->34960 34961 eeb2a4 34960->34961 34962 eeb281 34960->34962 34961->34958 34962->34961 34963 eeb4a8 GetModuleHandleW 34962->34963 34964 eeb4d5 34963->34964 34964->34958 34746 6e9b66e 34747 6e9b70b 34746->34747 34751 6e9c060 34747->34751 34768 6e9c050 34747->34768 34748 6e9b71b 34752 6e9c07a 34751->34752 34785 6e9c7c9 34752->34785 34791 6e9c871 34752->34791 34795 6e9ccf1 34752->34795 34799 6e9c77e 34752->34799 34804 6e9c55f 34752->34804 34818 6e9c91a 34752->34818 34825 6e9c59b 34752->34825 34829 6e9c9e2 34752->34829 34834 6e9c643 34752->34834 34848 6e9c601 34752->34848 34852 6e9c581 34752->34852 34866 6e9ca81 34752->34866 34870 6e9c50a 34752->34870 34874 6e9c5eb 34752->34874 34753 6e9c09e 34753->34748 34770 6e9c060 34768->34770 34769 6e9c09e 34769->34748 34771 6e9c7c9 2 API calls 34770->34771 34772 6e9c5eb 4 API calls 34770->34772 34773 6e9c50a 2 API calls 34770->34773 34774 6e9ca81 2 API calls 34770->34774 34775 6e9c581 6 API calls 34770->34775 34776 6e9c601 2 API calls 34770->34776 34777 6e9c643 6 API calls 34770->34777 34778 6e9c9e2 2 API calls 34770->34778 34779 6e9c59b 2 API calls 34770->34779 34780 6e9c91a 4 API calls 34770->34780 34781 6e9c55f 6 API calls 34770->34781 34782 6e9c77e 2 API calls 34770->34782 34783 6e9ccf1 2 API calls 34770->34783 34784 6e9c871 2 API calls 34770->34784 34771->34769 34772->34769 34773->34769 34774->34769 34775->34769 34776->34769 34777->34769 34778->34769 34779->34769 34780->34769 34781->34769 34782->34769 34783->34769 34784->34769 34786 6e9c795 34785->34786 34787 6e9cdf2 34786->34787 34884 6e9ad78 34786->34884 34888 6e9ad70 34786->34888 34787->34753 34788 6e9c7aa 34792 6e9c618 34791->34792 34892 6e9b0a8 34792->34892 34896 6e9b0b0 34792->34896 34796 6e9ccf7 34795->34796 34797 6e9b0a8 ReadProcessMemory 34796->34797 34798 6e9b0b0 ReadProcessMemory 34796->34798 34797->34796 34798->34796 34800 6e9c784 34799->34800 34802 6e9ad78 ResumeThread 34800->34802 34803 6e9ad70 ResumeThread 34800->34803 34801 6e9c7aa 34802->34801 34803->34801 34806 6e9c56b 34804->34806 34805 6e9c57d 34807 6e9c5fb 34805->34807 34811 6e9cd08 34805->34811 34806->34805 34810 6e9c6b2 34806->34810 34900 6e9afb9 34806->34900 34904 6e9afc0 34806->34904 34908 6e9ae20 34807->34908 34912 6e9ae28 34807->34912 34808 6e9cae9 34809 6e9cea8 34809->34753 34811->34809 34814 6e9b0a8 ReadProcessMemory 34811->34814 34815 6e9b0b0 ReadProcessMemory 34811->34815 34814->34811 34815->34811 34916 6e9aef9 34818->34916 34920 6e9af00 34818->34920 34819 6e9c938 34820 6e9ca1a 34819->34820 34823 6e9afb9 WriteProcessMemory 34819->34823 34824 6e9afc0 WriteProcessMemory 34819->34824 34820->34753 34823->34820 34824->34820 34827 6e9afb9 WriteProcessMemory 34825->34827 34828 6e9afc0 WriteProcessMemory 34825->34828 34826 6e9c5c9 34826->34753 34827->34826 34828->34826 34830 6e9c9e8 34829->34830 34832 6e9afb9 WriteProcessMemory 34830->34832 34833 6e9afc0 WriteProcessMemory 34830->34833 34831 6e9ca1a 34831->34753 34832->34831 34833->34831 34842 6e9afb9 WriteProcessMemory 34834->34842 34843 6e9afc0 WriteProcessMemory 34834->34843 34835 6e9c6b2 34836 6e9c56b 34836->34834 34836->34835 34838 6e9c57d 34836->34838 34837 6e9c5fb 34846 6e9ae28 Wow64SetThreadContext 34837->34846 34847 6e9ae20 Wow64SetThreadContext 34837->34847 34838->34837 34841 6e9cd08 34838->34841 34839 6e9cae9 34840 6e9cea8 34840->34753 34841->34840 34844 6e9b0a8 ReadProcessMemory 34841->34844 34845 6e9b0b0 ReadProcessMemory 34841->34845 34842->34836 34843->34836 34844->34841 34845->34841 34846->34839 34847->34839 34849 6e9c607 34848->34849 34850 6e9b0a8 ReadProcessMemory 34849->34850 34851 6e9b0b0 ReadProcessMemory 34849->34851 34850->34849 34851->34849 34853 6e9c56b 34852->34853 34855 6e9c57d 34853->34855 34858 6e9c6b2 34853->34858 34860 6e9afb9 WriteProcessMemory 34853->34860 34861 6e9afc0 WriteProcessMemory 34853->34861 34854 6e9c5fb 34862 6e9ae28 Wow64SetThreadContext 34854->34862 34863 6e9ae20 Wow64SetThreadContext 34854->34863 34855->34854 34859 6e9cd08 34855->34859 34856 6e9cae9 34857 6e9cea8 34857->34753 34859->34857 34864 6e9b0a8 ReadProcessMemory 34859->34864 34865 6e9b0b0 ReadProcessMemory 34859->34865 34860->34853 34861->34853 34862->34856 34863->34856 34864->34859 34865->34859 34924 6e9d261 34866->34924 34930 6e9d2b0 34866->34930 34867 6e9ca99 34935 6e9b248 34870->34935 34939 6e9b23d 34870->34939 34875 6e9c5ee 34874->34875 34876 6e9c5fb 34875->34876 34879 6e9cd08 34875->34879 34882 6e9ae28 Wow64SetThreadContext 34876->34882 34883 6e9ae20 Wow64SetThreadContext 34876->34883 34877 6e9cae9 34878 6e9cea8 34878->34753 34879->34878 34880 6e9b0a8 ReadProcessMemory 34879->34880 34881 6e9b0b0 ReadProcessMemory 34879->34881 34880->34879 34881->34879 34882->34877 34883->34877 34885 6e9adb8 ResumeThread 34884->34885 34887 6e9ade9 34885->34887 34887->34788 34889 6e9ad78 ResumeThread 34888->34889 34891 6e9ade9 34889->34891 34891->34788 34893 6e9b0b0 ReadProcessMemory 34892->34893 34895 6e9b13f 34893->34895 34895->34792 34897 6e9b0fb ReadProcessMemory 34896->34897 34899 6e9b13f 34897->34899 34899->34792 34901 6e9afc0 WriteProcessMemory 34900->34901 34903 6e9b05f 34901->34903 34903->34806 34905 6e9b008 WriteProcessMemory 34904->34905 34907 6e9b05f 34905->34907 34907->34806 34909 6e9ae28 Wow64SetThreadContext 34908->34909 34911 6e9aeb5 34909->34911 34911->34808 34913 6e9ae6d Wow64SetThreadContext 34912->34913 34915 6e9aeb5 34913->34915 34915->34808 34917 6e9af00 VirtualAllocEx 34916->34917 34919 6e9af7d 34917->34919 34919->34819 34921 6e9af40 VirtualAllocEx 34920->34921 34923 6e9af7d 34921->34923 34923->34819 34925 6e9d2a5 34924->34925 34926 6e9d1fb 34924->34926 34928 6e9ae28 Wow64SetThreadContext 34925->34928 34929 6e9ae20 Wow64SetThreadContext 34925->34929 34926->34867 34927 6e9d2db 34927->34867 34928->34927 34929->34927 34931 6e9d2c5 34930->34931 34933 6e9ae28 Wow64SetThreadContext 34931->34933 34934 6e9ae20 Wow64SetThreadContext 34931->34934 34932 6e9d2db 34932->34867 34933->34932 34934->34932 34936 6e9b2d1 CreateProcessA 34935->34936 34938 6e9b493 34936->34938 34940 6e9b248 CreateProcessA 34939->34940 34942 6e9b493 34940->34942

                                Executed Functions

                                Function 08BBB468 Relevance: 7.0, Strings: 5, Instructions: 724COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: (o]q$(o]q$,aq$,aq$Haq
                                • API String ID: 0-2157538030
                                • Opcode ID: 4f1351610077207b986dfa2d1e81ccbb489c99621324655178342b6cc3550a4d
                                • Instruction ID: ee1b036ee63dd1edb65022d0266b26cedbaf77ebb03446168fe77d58f376307f
                                • Opcode Fuzzy Hash: 4f1351610077207b986dfa2d1e81ccbb489c99621324655178342b6cc3550a4d
                                • Instruction Fuzzy Hash: B4528034A00519DFCB18DF69D494ABD7BB2FF88321B1585A9E806DB364DB75EC02CB90
                                Function 08BBED58 Relevance: 6.8, Strings: 5, Instructions: 591COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 788 8bbed58-8bbed61 789 8bbed67-8bbed79 788->789 790 8bbee36-8bbee39 788->790 792 8bbed7b-8bbed7e 789->792 793 8bbed8e-8bbed91 789->793 794 8bbee03-8bbee09 792->794 795 8bbed84-8bbed87 792->795 796 8bbed93-8bbed96 793->796 797 8bbeda1-8bbeda7 793->797 802 8bbee0b-8bbee0d 794->802 803 8bbee0f-8bbee1b 794->803 798 8bbed89 795->798 799 8bbedd2-8bbedd8 795->799 800 8bbed9c 796->800 801 8bbee32-8bbee34 796->801 804 8bbeda9-8bbedab 797->804 805 8bbedad-8bbedb9 797->805 798->801 806 8bbedda-8bbeddc 799->806 807 8bbedde-8bbedea 799->807 800->801 801->790 808 8bbee3a-8bbeebc 801->808 809 8bbee1d-8bbee30 802->809 803->809 810 8bbedbb-8bbedd0 804->810 805->810 811 8bbedec-8bbee01 806->811 807->811 826 8bbeebe-8bbeec4 808->826 827 8bbeed4-8bbeedc 808->827 809->801 810->801 811->801 828 8bbeec8-8bbeed2 826->828 829 8bbeec6 826->829 830 8bbf088-8bbf08a 827->830 831 8bbeee2-8bbeee4 827->831 828->827 829->827 832 8bbf08c-8bbf091 830->832 833 8bbf094-8bbf09b 830->833 831->830 834 8bbeeea-8bbeeee 831->834 832->833 836 8bbefd8-8bbefe0 834->836 837 8bbeef4-8bbeefc 834->837 836->830 838 8bbefe6-8bbefea 836->838 837->830 839 8bbef02-8bbef06 837->839 840 8bbefec-8bbeffb 838->840 841 8bbf024-8bbf033 838->841 842 8bbef08-8bbef17 839->842 843 8bbef43-8bbef56 839->843 840->830 851 8bbf001-8bbf004 840->851 841->830 849 8bbf035-8bbf038 841->849 842->830 848 8bbef1d-8bbef20 842->848 843->830 850 8bbef5c 843->850 852 8bbef23-8bbef26 848->852 853 8bbf03b-8bbf044 849->853 854 8bbef5f-8bbef65 850->854 855 8bbf007-8bbf00a 851->855 856 8bbef2c-8bbef34 852->856 857 8bbf0a3-8bbf0ea 852->857 853->857 858 8bbf046-8bbf04b 853->858 854->857 859 8bbef6b-8bbef71 854->859 855->857 860 8bbf010-8bbf018 855->860 861 8bbf09e 856->861 863 8bbef3a-8bbef3c 856->863 875 8bbf0ec 857->875 876 8bbf0f3-8bbf0f7 857->876 864 8bbf07f-8bbf082 858->864 865 8bbf04d-8bbf053 858->865 866 8bbef73-8bbef83 859->866 867 8bbefc5-8bbefc8 859->867 860->861 862 8bbf01e-8bbf020 860->862 861->857 862->855 868 8bbf022 862->868 863->852 869 8bbef3e 863->869 864->861 873 8bbf084-8bbf086 864->873 865->857 872 8bbf055-8bbf05d 865->872 866->867 879 8bbef85-8bbef91 866->879 867->861 870 8bbefce-8bbefd1 867->870 868->830 869->830 870->854 874 8bbefd3 870->874 872->857 877 8bbf05f-8bbf065 872->877 873->830 873->853 874->830 875->876 880 8bbf0f9-8bbf0fd 876->880 881 8bbf10e-8bbf128 call 8bbb208 876->881 877->864 882 8bbf067-8bbf072 877->882 879->857 883 8bbef97-8bbef9f 879->883 884 8bbf3cc-8bbf3d7 880->884 885 8bbf103-8bbf10b 880->885 895 8bbf12a 881->895 896 8bbf133-8bbf137 881->896 882->857 886 8bbf074-8bbf078 882->886 883->857 889 8bbefa5-8bbefb4 883->889 894 8bbf3de-8bbf442 884->894 885->881 886->864 889->857 890 8bbefba-8bbefbe 889->890 890->867 918 8bbf449-8bbf4ad 894->918 895->896 897 8bbf139-8bbf13f 896->897 898 8bbf142-8bbf166 896->898 897->898 906 8bbf16c-8bbf17e 898->906 907 8bbf301-8bbf31b call 8bbb468 898->907 906->894 912 8bbf184-8bbf188 906->912 913 8bbf3bd-8bbf3c4 907->913 912->894 914 8bbf18e-8bbf198 912->914 914->918 919 8bbf19e-8bbf1a2 914->919 950 8bbf4b4-8bbf518 918->950 919->907 921 8bbf1a8-8bbf1ac 919->921 923 8bbf1bb-8bbf1bf 921->923 924 8bbf1ae-8bbf1b5 921->924 925 8bbf51f-8bbf54d call 8bbb328 923->925 926 8bbf1c5-8bbf1d5 923->926 924->907 924->923 948 8bbf54f-8bbf553 925->948 949 8bbf557-8bbf558 925->949 931 8bbf1d7-8bbf1dd 926->931 932 8bbf205-8bbf20b 926->932 936 8bbf1df 931->936 937 8bbf1e1-8bbf1ed 931->937 933 8bbf20f-8bbf21b 932->933 934 8bbf20d 932->934 938 8bbf21d-8bbf23b 933->938 934->938 941 8bbf1ef-8bbf1ff 936->941 937->941 938->907 951 8bbf241-8bbf243 938->951 941->932 941->950 948->949 952 8bbf555 948->952 950->925 953 8bbf25e-8bbf262 951->953 954 8bbf245-8bbf250 951->954 952->949 953->907 956 8bbf268-8bbf272 953->956 983 8bbf253 call 8bbf688 954->983 984 8bbf253 call 8bbf561 954->984 985 8bbf253 call 8bbf570 954->985 956->907 963 8bbf278-8bbf27e 956->963 959 8bbf259 959->913 964 8bbf3c7 963->964 965 8bbf284-8bbf287 963->965 964->884 965->925 967 8bbf28d-8bbf2aa 965->967 973 8bbf2e8-8bbf2fc 967->973 974 8bbf2ac-8bbf2c7 967->974 973->913 980 8bbf2c9-8bbf2cd 974->980 981 8bbf2cf-8bbf2e3 974->981 980->907 980->981 981->913 983->959 984->959 985->959
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: (o]q$(o]q$,aq$,aq$Haq
                                • API String ID: 0-2157538030
                                • Opcode ID: 61c2d51191d0584ff10e08f1962e0fa5558bcf88324cb1f70498b9081b124162
                                • Instruction ID: 0e30807d6c74ce894702db2a434b6b62b5e29b632f9cff8526b0d85ad16a42b9
                                • Opcode Fuzzy Hash: 61c2d51191d0584ff10e08f1962e0fa5558bcf88324cb1f70498b9081b124162
                                • Instruction Fuzzy Hash: BC226D34B00215CFCB15DF69D954ABE7BA6EF88302F1584A9E8059B361CB75EC42CBA1
                                Function 08BB0006 Relevance: 4.6, Instructions: 4580COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 986 8bb0006-8bb000b 987 8bb000c-8bb0038 986->987 987->987 988 8bb003a-8bb006b 987->988 990 8bb006d 988->990 991 8bb0072-8bb0c98 988->991 990->991 1181 8bb0ca3-8bb0ca9 991->1181 1182 8bb0cb5-8bb4668 1181->1182 1592 8bb466a-8bb4676 1182->1592 1593 8bb4692 1182->1593 1594 8bb4678-8bb467e 1592->1594 1595 8bb4680-8bb4686 1592->1595 1596 8bb4698-8bb5007 1593->1596 1597 8bb4690 1594->1597 1595->1597 1597->1596
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 06461bdafce33f19decaba2bbd3affa31ad5b78b0c28d2bfd7557ec891b73e3e
                                • Instruction ID: a1045b4ccf85eb4448aca34aeb1e40f811b71aed03eae311c0c17a9caa5704f9
                                • Opcode Fuzzy Hash: 06461bdafce33f19decaba2bbd3affa31ad5b78b0c28d2bfd7557ec891b73e3e
                                • Instruction Fuzzy Hash: ABB3F634A11619CFDB24EF64C884A99B3F2FF89304F1196E9D4486B361DB31AE85CF91
                                Function 08BB0040 Relevance: 4.6, Instructions: 4562COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1697 8bb0040-8bb006b 1698 8bb006d 1697->1698 1699 8bb0072-8bb0ca9 1697->1699 1698->1699 1890 8bb0cb5-8bb4668 1699->1890 2300 8bb466a-8bb4676 1890->2300 2301 8bb4692 1890->2301 2302 8bb4678-8bb467e 2300->2302 2303 8bb4680-8bb4686 2300->2303 2304 8bb4698-8bb5007 2301->2304 2305 8bb4690 2302->2305 2303->2305 2305->2304
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ebaed12e2452fd861cb49df0115122ebe79e9abd08401d6add70ab4deab37983
                                • Instruction ID: 946ff44d825c6d4c71fba9b174ca6af55a12ab4059f44cdee10ec9f1d4c7b01c
                                • Opcode Fuzzy Hash: ebaed12e2452fd861cb49df0115122ebe79e9abd08401d6add70ab4deab37983
                                • Instruction Fuzzy Hash: 31B3F634A11619CFDB24EF64C884A99B3F2FF89304F1196E9D4486B361DB31AE85CF91
                                Function 08BB56E8 Relevance: 3.4, Instructions: 3434COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2427 8bb56e8-8bb5713 2428 8bb571a-8bb5c3f 2427->2428 2429 8bb5715 2427->2429 2507 8bb5c5c-8bb5c75 2428->2507 2429->2428 2509 8bb5c9f-8bb5ca1 2507->2509 2510 8bb5c77-8bb5c9d 2507->2510 2511 8bb5ca4-8bb5caf 2509->2511 2510->2511 2513 8bb5c41-8bb5c4b 2511->2513 2514 8bb5cb1-8bb5d10 2511->2514 2973 8bb5c51 call 8bb9718 2513->2973 2974 8bb5c51 call 8bb96e0 2513->2974 2975 8bb5c51 call 8bb96d0 2513->2975 2967 8bb5d13 call 8bba7b9 2514->2967 2968 8bb5d13 call 8bba7c8 2514->2968 2516 8bb5c57-8bb5c5b 2516->2507 2520 8bb5d19-8bb5d5a 2971 8bb5d5d call 8bba7b9 2520->2971 2972 8bb5d5d call 8bba7c8 2520->2972 2523 8bb5d63-8bb5d7a 2525 8bb5d7c-8bb5d82 2523->2525 2526 8bb5d84-8bb5d8b 2523->2526 2527 8bb5d98-8bb604c 2525->2527 2528 8bb5d8d 2526->2528 2529 8bb5d92-8bb5d95 2526->2529 2969 8bb6052 call 8bbfcd9 2527->2969 2970 8bb6052 call 8bbfce8 2527->2970 2528->2529 2529->2527 2571 8bb6057-8bb8795 2859 8bb87bf 2571->2859 2860 8bb8797-8bb87a3 2571->2860 2863 8bb87c5-8bb92ba 2859->2863 2861 8bb87ad-8bb87b3 2860->2861 2862 8bb87a5-8bb87ab 2860->2862 2864 8bb87bd 2861->2864 2862->2864 2864->2863 2967->2520 2968->2520 2969->2571 2970->2571 2971->2523 2972->2523 2973->2516 2974->2516 2975->2516
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7af42c2e2d8290d3da96151e4b05d31e6fe404b8afab1f0a4b3d40df6a78a6e4
                                • Instruction ID: 90d3ef5fc8a998c26a27133a2bd953b94a0b8cd19fae4eb0cf283b468b1360f2
                                • Opcode Fuzzy Hash: 7af42c2e2d8290d3da96151e4b05d31e6fe404b8afab1f0a4b3d40df6a78a6e4
                                • Instruction Fuzzy Hash: 98830734A11619CFEB24EF64C884AD9B3B2FF8A304F1146E9D4096B361DB31AE95CF51
                                Function 08BB56D9 Relevance: 3.4, Instructions: 3420COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2976 8bb56d9-8bb5713 2978 8bb571a-8bb5c3f 2976->2978 2979 8bb5715 2976->2979 3057 8bb5c5c-8bb5c75 2978->3057 2979->2978 3059 8bb5c9f-8bb5ca1 3057->3059 3060 8bb5c77-8bb5c9d 3057->3060 3061 8bb5ca4-8bb5caf 3059->3061 3060->3061 3063 8bb5c41-8bb5c4b 3061->3063 3064 8bb5cb1-8bb5cfc 3061->3064 3523 8bb5c51 call 8bb9718 3063->3523 3524 8bb5c51 call 8bb96e0 3063->3524 3525 8bb5c51 call 8bb96d0 3063->3525 3069 8bb5d04-8bb5d10 3064->3069 3066 8bb5c57-8bb5c5b 3066->3057 3517 8bb5d13 call 8bba7b9 3069->3517 3518 8bb5d13 call 8bba7c8 3069->3518 3070 8bb5d19-8bb5d47 3072 8bb5d4e-8bb5d5a 3070->3072 3521 8bb5d5d call 8bba7b9 3072->3521 3522 8bb5d5d call 8bba7c8 3072->3522 3073 8bb5d63-8bb5d7a 3075 8bb5d7c-8bb5d82 3073->3075 3076 8bb5d84-8bb5d8b 3073->3076 3077 8bb5d98-8bb603c 3075->3077 3078 8bb5d8d 3076->3078 3079 8bb5d92-8bb5d95 3076->3079 3120 8bb6046-8bb604c 3077->3120 3078->3079 3079->3077 3519 8bb6052 call 8bbfcd9 3120->3519 3520 8bb6052 call 8bbfce8 3120->3520 3121 8bb6057-8bb8795 3409 8bb87bf 3121->3409 3410 8bb8797-8bb87a3 3121->3410 3413 8bb87c5-8bb92ba 3409->3413 3411 8bb87ad-8bb87b3 3410->3411 3412 8bb87a5-8bb87ab 3410->3412 3414 8bb87bd 3411->3414 3412->3414 3414->3413 3517->3070 3518->3070 3519->3121 3520->3121 3521->3073 3522->3073 3523->3066 3524->3066 3525->3066
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ee4f0d036ea3522b074f1b6d3174777e066fa17dec15d66e3fc773cb9496c9b7
                                • Instruction ID: 9b2d1a88891049174b600af923ba1e1dffbb7877913ae9b1c980973125cd48cf
                                • Opcode Fuzzy Hash: ee4f0d036ea3522b074f1b6d3174777e066fa17dec15d66e3fc773cb9496c9b7
                                • Instruction Fuzzy Hash: 28830734A11619CFEB24EF64C884AD9B3B2FF8A304F1146E9D4086B361DB31AE95CF51
                                Function 06E9DAD8 Relevance: .5, Instructions: 517COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a50ee34aaf3fde82dd8dbb3645a18d24514b5f975ef8e0b63e612145277e5232
                                • Instruction ID: 01f969b6231d3b430cec99ff50c418992e1e0203f1ee2b6d1c93adad2ae91e4e
                                • Opcode Fuzzy Hash: a50ee34aaf3fde82dd8dbb3645a18d24514b5f975ef8e0b63e612145277e5232
                                • Instruction Fuzzy Hash: 18226D34B006148FDB48DF69D594AADBBF6EF88304F2591A9E515AB3A1CB30EC45CF60
                                Function 06E9B23D Relevance: 1.7, APIs: 1, Instructions: 248processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3552 6e9b23d-6e9b2dd 3555 6e9b2df-6e9b2e9 3552->3555 3556 6e9b316-6e9b336 3552->3556 3555->3556 3557 6e9b2eb-6e9b2ed 3555->3557 3563 6e9b338-6e9b342 3556->3563 3564 6e9b36f-6e9b39e 3556->3564 3558 6e9b2ef-6e9b2f9 3557->3558 3559 6e9b310-6e9b313 3557->3559 3561 6e9b2fb 3558->3561 3562 6e9b2fd-6e9b30c 3558->3562 3559->3556 3561->3562 3562->3562 3565 6e9b30e 3562->3565 3563->3564 3566 6e9b344-6e9b346 3563->3566 3570 6e9b3a0-6e9b3aa 3564->3570 3571 6e9b3d7-6e9b491 CreateProcessA 3564->3571 3565->3559 3568 6e9b369-6e9b36c 3566->3568 3569 6e9b348-6e9b352 3566->3569 3568->3564 3572 6e9b354 3569->3572 3573 6e9b356-6e9b365 3569->3573 3570->3571 3575 6e9b3ac-6e9b3ae 3570->3575 3584 6e9b49a-6e9b520 3571->3584 3585 6e9b493-6e9b499 3571->3585 3572->3573 3573->3573 3574 6e9b367 3573->3574 3574->3568 3576 6e9b3d1-6e9b3d4 3575->3576 3577 6e9b3b0-6e9b3ba 3575->3577 3576->3571 3579 6e9b3bc 3577->3579 3580 6e9b3be-6e9b3cd 3577->3580 3579->3580 3580->3580 3582 6e9b3cf 3580->3582 3582->3576 3595 6e9b530-6e9b534 3584->3595 3596 6e9b522-6e9b526 3584->3596 3585->3584 3598 6e9b544-6e9b548 3595->3598 3599 6e9b536-6e9b53a 3595->3599 3596->3595 3597 6e9b528 3596->3597 3597->3595 3601 6e9b558-6e9b55c 3598->3601 3602 6e9b54a-6e9b54e 3598->3602 3599->3598 3600 6e9b53c 3599->3600 3600->3598 3603 6e9b56e-6e9b575 3601->3603 3604 6e9b55e-6e9b564 3601->3604 3602->3601 3605 6e9b550 3602->3605 3606 6e9b58c 3603->3606 3607 6e9b577-6e9b586 3603->3607 3604->3603 3605->3601 3609 6e9b58d 3606->3609 3607->3606 3609->3609
                                APIs
                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E9B47E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 3f7ab5ee49761b7b6f09694d1d763f3dc9b28b6224bd6db4f5292d8c1c269dd9
                                • Instruction ID: 4db05a3a05d939913b88456887934c3613c06faad63b044e812b2157e089dc3d
                                • Opcode Fuzzy Hash: 3f7ab5ee49761b7b6f09694d1d763f3dc9b28b6224bd6db4f5292d8c1c269dd9
                                • Instruction Fuzzy Hash: 33A14671D00319CFDF60DFA8D845BEEBAB2AF48304F148569E819A7240DB749985CFA1
                                Function 06E9B248 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3610 6e9b248-6e9b2dd 3612 6e9b2df-6e9b2e9 3610->3612 3613 6e9b316-6e9b336 3610->3613 3612->3613 3614 6e9b2eb-6e9b2ed 3612->3614 3620 6e9b338-6e9b342 3613->3620 3621 6e9b36f-6e9b39e 3613->3621 3615 6e9b2ef-6e9b2f9 3614->3615 3616 6e9b310-6e9b313 3614->3616 3618 6e9b2fb 3615->3618 3619 6e9b2fd-6e9b30c 3615->3619 3616->3613 3618->3619 3619->3619 3622 6e9b30e 3619->3622 3620->3621 3623 6e9b344-6e9b346 3620->3623 3627 6e9b3a0-6e9b3aa 3621->3627 3628 6e9b3d7-6e9b491 CreateProcessA 3621->3628 3622->3616 3625 6e9b369-6e9b36c 3623->3625 3626 6e9b348-6e9b352 3623->3626 3625->3621 3629 6e9b354 3626->3629 3630 6e9b356-6e9b365 3626->3630 3627->3628 3632 6e9b3ac-6e9b3ae 3627->3632 3641 6e9b49a-6e9b520 3628->3641 3642 6e9b493-6e9b499 3628->3642 3629->3630 3630->3630 3631 6e9b367 3630->3631 3631->3625 3633 6e9b3d1-6e9b3d4 3632->3633 3634 6e9b3b0-6e9b3ba 3632->3634 3633->3628 3636 6e9b3bc 3634->3636 3637 6e9b3be-6e9b3cd 3634->3637 3636->3637 3637->3637 3639 6e9b3cf 3637->3639 3639->3633 3652 6e9b530-6e9b534 3641->3652 3653 6e9b522-6e9b526 3641->3653 3642->3641 3655 6e9b544-6e9b548 3652->3655 3656 6e9b536-6e9b53a 3652->3656 3653->3652 3654 6e9b528 3653->3654 3654->3652 3658 6e9b558-6e9b55c 3655->3658 3659 6e9b54a-6e9b54e 3655->3659 3656->3655 3657 6e9b53c 3656->3657 3657->3655 3660 6e9b56e-6e9b575 3658->3660 3661 6e9b55e-6e9b564 3658->3661 3659->3658 3662 6e9b550 3659->3662 3663 6e9b58c 3660->3663 3664 6e9b577-6e9b586 3660->3664 3661->3660 3662->3658 3666 6e9b58d 3663->3666 3664->3663 3666->3666
                                APIs
                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E9B47E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 65e8486b4a18d70901653099ffdc8e175cdd3cc5da9208ee0fd768ab1f70ab19
                                • Instruction ID: 48f105a92db778c6d04eb16f59e4afce5093d0c57909f679bb0cfb420caa91c8
                                • Opcode Fuzzy Hash: 65e8486b4a18d70901653099ffdc8e175cdd3cc5da9208ee0fd768ab1f70ab19
                                • Instruction Fuzzy Hash: C5914771D00319CFDF60DFA8D845BEEBAB2BF48304F14856AE818A7240DB749985CFA1
                                Function 00EEB261 Relevance: 1.7, APIs: 1, Instructions: 204COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3667 eeb261-eeb27f 3668 eeb2ab-eeb2af 3667->3668 3669 eeb281-eeb28e call ee87b8 3667->3669 3670 eeb2c3-eeb304 3668->3670 3671 eeb2b1-eeb2bb 3668->3671 3676 eeb2a4 3669->3676 3677 eeb290 3669->3677 3678 eeb306-eeb30e 3670->3678 3679 eeb311-eeb31f 3670->3679 3671->3670 3676->3668 3723 eeb296 call eeb4f8 3677->3723 3724 eeb296 call eeb508 3677->3724 3678->3679 3681 eeb343-eeb345 3679->3681 3682 eeb321-eeb326 3679->3682 3680 eeb29c-eeb29e 3680->3676 3683 eeb3e0-eeb4a0 3680->3683 3684 eeb348-eeb34f 3681->3684 3685 eeb328-eeb32f call eeac54 3682->3685 3686 eeb331 3682->3686 3718 eeb4a8-eeb4d3 GetModuleHandleW 3683->3718 3719 eeb4a2-eeb4a5 3683->3719 3688 eeb35c-eeb363 3684->3688 3689 eeb351-eeb359 3684->3689 3687 eeb333-eeb341 3685->3687 3686->3687 3687->3684 3692 eeb365-eeb36d 3688->3692 3693 eeb370-eeb379 call eeac64 3688->3693 3689->3688 3692->3693 3698 eeb37b-eeb383 3693->3698 3699 eeb386-eeb38b 3693->3699 3698->3699 3700 eeb38d-eeb394 3699->3700 3701 eeb3a9-eeb3ad 3699->3701 3700->3701 3703 eeb396-eeb3a6 call eeac74 call eeac84 3700->3703 3705 eeb3b3-eeb3b6 3701->3705 3703->3701 3708 eeb3b8-eeb3d6 3705->3708 3709 eeb3d9-eeb3df 3705->3709 3708->3709 3720 eeb4dc-eeb4f0 3718->3720 3721 eeb4d5-eeb4db 3718->3721 3719->3718 3721->3720 3723->3680 3724->3680
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00EEB4C6
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052766286.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ee0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID:
                                • API String ID: 4139908857-0
                                • Opcode ID: 2c225736a11e71d2041d33bfa7d77e5a7a4e93e6dcb38ab07215989baaf55ca2
                                • Instruction ID: 1d3221e1b3ce5dca19238f8d93e715c88315bc2f0806d8d21d8236ecad3a2ef5
                                • Opcode Fuzzy Hash: 2c225736a11e71d2041d33bfa7d77e5a7a4e93e6dcb38ab07215989baaf55ca2
                                • Instruction Fuzzy Hash: 25813370A00B898FD724DF6AD54579BBBF1BF88304F10892EE08AE7A51D775E805CB91
                                Function 00EE590C Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3725 ee590c-ee59d9 CreateActCtxA 3727 ee59db-ee59e1 3725->3727 3728 ee59e2-ee5a3c 3725->3728 3727->3728 3735 ee5a3e-ee5a41 3728->3735 3736 ee5a4b-ee5a4f 3728->3736 3735->3736 3737 ee5a60 3736->3737 3738 ee5a51-ee5a5d 3736->3738 3740 ee5a61 3737->3740 3738->3737 3740->3740
                                APIs
                                • CreateActCtxA.KERNEL32(?), ref: 00EE59C9
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052766286.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ee0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 8d3dd99c4b57ac0949bee9459d356876b0b864004754d6922e610abe54d4ad9c
                                • Instruction ID: 838ae70429f27f56907633f45defa45c02c5465c2532d881733cef5b03d967d4
                                • Opcode Fuzzy Hash: 8d3dd99c4b57ac0949bee9459d356876b0b864004754d6922e610abe54d4ad9c
                                • Instruction Fuzzy Hash: A741F4B1C0061DCFDB24CFAAC9857DDBBB1BF89308F20816AD408AB255D775594ACF51
                                Function 00EE4514 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3741 ee4514-ee59d9 CreateActCtxA 3744 ee59db-ee59e1 3741->3744 3745 ee59e2-ee5a3c 3741->3745 3744->3745 3752 ee5a3e-ee5a41 3745->3752 3753 ee5a4b-ee5a4f 3745->3753 3752->3753 3754 ee5a60 3753->3754 3755 ee5a51-ee5a5d 3753->3755 3757 ee5a61 3754->3757 3755->3754 3757->3757
                                APIs
                                • CreateActCtxA.KERNEL32(?), ref: 00EE59C9
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052766286.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ee0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 4b8bf3b567a11517f5d94b453cf742990d508a1c0049eb4880b77270e3e4077d
                                • Instruction ID: 51857145c191b2844336eeaa836e2b45042895a2d1c6e1c80d6fdb56a5bdcac1
                                • Opcode Fuzzy Hash: 4b8bf3b567a11517f5d94b453cf742990d508a1c0049eb4880b77270e3e4077d
                                • Instruction Fuzzy Hash: B941E2B1C0071DCBDB24CFAAC944B9EBBB5BF49308F20806AD418BB255DB756949CF91
                                Function 06E9AFB9 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                Download Yara Rule
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E9B050
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: d214c501a9d9a9f50f24e559b64744b65b923677631fd0ec44290a197221ae95
                                • Instruction ID: d1bbadde035aa6791f4cd5a6c253a33d4fc9dc81917afa49d45fbb7c3809b301
                                • Opcode Fuzzy Hash: d214c501a9d9a9f50f24e559b64744b65b923677631fd0ec44290a197221ae95
                                • Instruction Fuzzy Hash: A52135B19003099FCB10CFAAC981BEEBBF5FF48310F10842AE959A7240D7789940CBA0
                                Function 06E9AFC0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                Download Yara Rule
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E9B050
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: 57329f4183d52ffc1b49ab538046a7091c5d5676ca5a85d487dc2154158c9d87
                                • Instruction ID: e9cd826292c7d033188e58c271bb2eccc43f677e56f73a8790d6145e215607cd
                                • Opcode Fuzzy Hash: 57329f4183d52ffc1b49ab538046a7091c5d5676ca5a85d487dc2154158c9d87
                                • Instruction Fuzzy Hash: 482124B5900349DFCB10DFAAC985BEEBBF5FF48310F10842AE959A7250D7789944CBA0
                                Function 06E9B0A8 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E9B130
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: cb192a5c247a6ca4a176e437da4274d53c4fedde44dfea8ea4d6a05a03657460
                                • Instruction ID: 929804379867fd3a17a63309a1c08772bea9535da7c0ae755c96eefbec8a513c
                                • Opcode Fuzzy Hash: cb192a5c247a6ca4a176e437da4274d53c4fedde44dfea8ea4d6a05a03657460
                                • Instruction Fuzzy Hash: CE212AB1D003599FCB10DFAAC885AEEFBF5FF48310F50842AE959A7250D7389545CBA1
                                Function 06E9AE20 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON
                                Download Yara Rule
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E9AEA6
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: 422b3a084a6dd250bec6c5c5e34fd1e8b4bd1d2cebf7da0cd8076eca062f6fae
                                • Instruction ID: 6054af89b9161a296d443a4efba4205289fa9a011346c7956032adec220fb36e
                                • Opcode Fuzzy Hash: 422b3a084a6dd250bec6c5c5e34fd1e8b4bd1d2cebf7da0cd8076eca062f6fae
                                • Instruction Fuzzy Hash: 992139B1D003098FDB50DFAAC4857EEBBF5EF88314F14842AD459A7241D7789985CFA1
                                Function 00EECDE0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00EED706,?,?,?,?,?), ref: 00EED7C7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052766286.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ee0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: cd7069f0e31b95f02fcda86677af0ec50bfacc84d946cad724b968e1e8e47102
                                • Instruction ID: 40ca2a5f761c29a503fec460960fa409a68bfda787bedef7a3959a5a585ab9c4
                                • Opcode Fuzzy Hash: cd7069f0e31b95f02fcda86677af0ec50bfacc84d946cad724b968e1e8e47102
                                • Instruction Fuzzy Hash: 4221E6B590424C9FDB10CF9AD984ADEBBF8FB48310F14841AE914B3310D378A940CFA5
                                Function 00EED738 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00EED706,?,?,?,?,?), ref: 00EED7C7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052766286.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ee0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 398ea69d8fc908ff2c27798a144003b47a0922a622477137709c304f324b8803
                                • Instruction ID: fff1f69d00b8195123d532b6df5c5250849658e25cb230b4189328cd9ee7c538
                                • Opcode Fuzzy Hash: 398ea69d8fc908ff2c27798a144003b47a0922a622477137709c304f324b8803
                                • Instruction Fuzzy Hash: 7D21E4B59042489FDB10CFAAD984ADEBFF4FB48310F14841AE918A7350C378A944CFA1
                                Function 06E9B0B0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E9B130
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 35d04354b9866d548ccb12dd1ccd156d1774288e407e7541d9c8e1a47101d279
                                • Instruction ID: 88acb2459a4c1ab3cd2e00e6e64bdc94cd81c58cab0ad3b66a8a9b9805f7defc
                                • Opcode Fuzzy Hash: 35d04354b9866d548ccb12dd1ccd156d1774288e407e7541d9c8e1a47101d279
                                • Instruction Fuzzy Hash: 3C2107B1D003499FCB10DFAAC885AEEFBF5FF48310F50842AE959A7250D7789945CBA1
                                Function 06E9AE28 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                Download Yara Rule
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E9AEA6
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: fe21228ef964a386707d75c37eb41861653462ca7a574f03db8a641f3385a37c
                                • Instruction ID: b2ba6fc792ff2bc2c1729ced7a8ef55281b8764f06a00f74d83eb41bfaf6b668
                                • Opcode Fuzzy Hash: fe21228ef964a386707d75c37eb41861653462ca7a574f03db8a641f3385a37c
                                • Instruction Fuzzy Hash: 7D2134B1D003098FDB10DFAAC4857EEBBF4EF88314F10842AD419A7240CB78A984CBA1
                                Function 06E9AEF9 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E9AF6E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 7ba3f449b6f6d3fad8fa2ccd4ab675afa25c305232a37beacc107cde6c88b85d
                                • Instruction ID: 47d83bd743f992a89578ef49a8b73ea6fb946bdf7939a68538abbd2bacb8166b
                                • Opcode Fuzzy Hash: 7ba3f449b6f6d3fad8fa2ccd4ab675afa25c305232a37beacc107cde6c88b85d
                                • Instruction Fuzzy Hash: 661129B69002499FCF20DFAAC845BEEBBF5EF88314F248419E519A7250C7799941CFA1
                                Function 06E9AF00 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E9AF6E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: a333a2a9816dff4f919ac0ccf03f0811980d31f5fee29d4b7cf1516c56d61f1c
                                • Instruction ID: 79db591cdd8d604530204cd6e1165a7cebedc6565530e74a6b697a8c32aaf9f0
                                • Opcode Fuzzy Hash: a333a2a9816dff4f919ac0ccf03f0811980d31f5fee29d4b7cf1516c56d61f1c
                                • Instruction Fuzzy Hash: D31107B69002499FCF10DFAAC845AEEBFF5EF48314F248419E519A7250C779A944CFA1
                                Function 06E9AD70 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: 558b1df07cf1a2477b5f3d339c00db39891aedb02f8bc3c48e25da5a3cee2071
                                • Instruction ID: e12b8ee4113d9e19c0c0e66872e37c5f64221816541e1fb73dd957e4c480d959
                                • Opcode Fuzzy Hash: 558b1df07cf1a2477b5f3d339c00db39891aedb02f8bc3c48e25da5a3cee2071
                                • Instruction Fuzzy Hash: 421107B19003498BCB20DFAAC44579EBBF5AF88314F248419D559A7240CB79A545CBA5
                                Function 06E9AD78 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: 93fa9877d883001e09d745847aadb25b8e4c0b5391947f197fca631072cd3cee
                                • Instruction ID: b6994568d7dde7d6982baeda83dc0eebd125632f84801eee25dc93030494ada3
                                • Opcode Fuzzy Hash: 93fa9877d883001e09d745847aadb25b8e4c0b5391947f197fca631072cd3cee
                                • Instruction Fuzzy Hash: A01128B1D003498FCB20DFAAC4457AEFBF5EF88314F208419D519A7240CB79A544CFA5
                                Function 06E9D7A0 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 06E9D805
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: a498fc14f95fc1fbf1933dbf9624f43df5e991c8e2bcf0d15f1aecfdd811333d
                                • Instruction ID: 909dada3e5f52522677707d82430c6ae16cf882a2ee970bfbebf54ecd505c297
                                • Opcode Fuzzy Hash: a498fc14f95fc1fbf1933dbf9624f43df5e991c8e2bcf0d15f1aecfdd811333d
                                • Instruction Fuzzy Hash: 3B11F5B58003489FDB60DF99C945BDEBBF8EF48314F20881AE958B7210C379A944CFA1
                                Function 06E97B7C Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 06E9D805
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: ef336faa443af371d7b3dabcff722e891ce1f4366be2f75ba8787f154ecccafc
                                • Instruction ID: cbd03292445f62a8f5108a7a4bebfdeabbcaedc43de955fbac9a2c492b3d598c
                                • Opcode Fuzzy Hash: ef336faa443af371d7b3dabcff722e891ce1f4366be2f75ba8787f154ecccafc
                                • Instruction Fuzzy Hash: 4C1106B58007589FDB60DF99C845BDEBBF8EF48314F108419E518A7311C379A944CFA1
                                Function 00EEB460 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00EEB4C6
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052766286.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ee0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID:
                                • API String ID: 4139908857-0
                                • Opcode ID: 497a45bd788a25469d2519e04862137ed4ad4a1e0612a9acb5cdd31fae510136
                                • Instruction ID: 112d46eac2b92d04042f70e42f25433770e40eba8e8a83e9a55320625ea9e8a6
                                • Opcode Fuzzy Hash: 497a45bd788a25469d2519e04862137ed4ad4a1e0612a9acb5cdd31fae510136
                                • Instruction Fuzzy Hash: 2B1110B6C002498FCB10DF9AC444ADEFBF8EF88324F10841AD828B7251D379A545CFA1
                                Function 08BBA7B9 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Haq
                                • API String ID: 0-725504367
                                • Opcode ID: a83ab5b0d5878e191c6b11b8d06695dc2c0f2c7b3eaba21df0f8765a4b01daa8
                                • Instruction ID: b35889260d7259dc04ac1ad7e1fe6513fd31e36cc13bdd8681ef8af0aa9a81d2
                                • Opcode Fuzzy Hash: a83ab5b0d5878e191c6b11b8d06695dc2c0f2c7b3eaba21df0f8765a4b01daa8
                                • Instruction Fuzzy Hash: 6E314670E08258AFEB129F749C01BFE7FB5EF86301F1084E6E545AB281CA359E02DB51
                                Function 08BBA7C8 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Haq
                                • API String ID: 0-725504367
                                • Opcode ID: 13938e358d8a2bcda66861076e9fe03b169291b679027d2d1c340e91e375e9ef
                                • Instruction ID: 66024af7c41c3da213a32535f0262fe119581c1fb0ca897ecb9518aff37fb05f
                                • Opcode Fuzzy Hash: 13938e358d8a2bcda66861076e9fe03b169291b679027d2d1c340e91e375e9ef
                                • Instruction Fuzzy Hash: 64210270E04218AFEB129F34AC01BFE3FA6EF85300F1084A6E941EB281DA359E06D751
                                Function 08BBFE7F Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q
                                • API String ID: 0-1259897404
                                • Opcode ID: 6843c79369a2de022d868570af16bde70a0a35f17d7472f3ef3396081606eed2
                                • Instruction ID: 11bb24243d0693775e8f4ed72e4c06437cc9d4991814950247c7c4d57022931d
                                • Opcode Fuzzy Hash: 6843c79369a2de022d868570af16bde70a0a35f17d7472f3ef3396081606eed2
                                • Instruction Fuzzy Hash: 4C21B035E00606CFCB04FFA4E8546EAB771FF85308F108255E606B7385EBB06955CB91
                                Function 08BBFE90 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q
                                • API String ID: 0-1259897404
                                • Opcode ID: 1108cc85b71e3a5ca821189110f0423eada00183de8634d5f214a6eb9daff9c1
                                • Instruction ID: 37ec2b947c61fce8db72eb98a3d420b91ca788fc49c679e4e6abc2eb9226bc9b
                                • Opcode Fuzzy Hash: 1108cc85b71e3a5ca821189110f0423eada00183de8634d5f214a6eb9daff9c1
                                • Instruction Fuzzy Hash: 1E219235E00606CFDB44EFA4E8546E9B771FF85308F108219E206B7384DBB07945CB91
                                Function 08BBF570 Relevance: .3, Instructions: 255COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 29109015f9378c5abef377db76aeb2f18a747ccaad245ee2878400f8bd16a702
                                • Instruction ID: cfcbfd31f659db64d116796c86eb5e6ba4b98abb7fbf741c9ea18ac13689463c
                                • Opcode Fuzzy Hash: 29109015f9378c5abef377db76aeb2f18a747ccaad245ee2878400f8bd16a702
                                • Instruction Fuzzy Hash: 92A13874A006159FCB15DF69D884ABABBB1FF49701F1585A9E8059B3A1CB70EC42CBA0
                                Function 08BBAE40 Relevance: .1, Instructions: 141COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be4b914d851d25b5749bd007b99f0718d189384f3a9ada20993b56a34aac4a75
                                • Instruction ID: 79108a8eee0bf808990b8e9d3fb7ed64cc248d177651cbb406cd54ceec763047
                                • Opcode Fuzzy Hash: be4b914d851d25b5749bd007b99f0718d189384f3a9ada20993b56a34aac4a75
                                • Instruction Fuzzy Hash: 1651E835A01118DFCB14DF64D958AEE7BB2EF48712F2494A9E902A73A0CBB5DD41CF90
                                Function 08BBB5A7 Relevance: .1, Instructions: 117COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c4aafd7a9397f38c3b04f8baf6275d874cc8b4e6ba7e4177188fc35a1b01093b
                                • Instruction ID: a08f4e91640d6b9876ef7c18b538a9594cc7da861a2138fec6a903dbdee9aa00
                                • Opcode Fuzzy Hash: c4aafd7a9397f38c3b04f8baf6275d874cc8b4e6ba7e4177188fc35a1b01093b
                                • Instruction Fuzzy Hash: 2F416A3070011ADFCF159F65E984ABEBBA6FF88311F148429E802973A4DB75DC52CB90
                                Function 08BBFCD9 Relevance: .1, Instructions: 114COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b7d57e83f84d05219988416db2ed6d4c87d9240118613e9eca9141adcd5f003
                                • Instruction ID: bd39bc65022ad238c46b02b73ba5f7f4a61d774abe7174721a4c078e78650110
                                • Opcode Fuzzy Hash: 8b7d57e83f84d05219988416db2ed6d4c87d9240118613e9eca9141adcd5f003
                                • Instruction Fuzzy Hash: B2418E35A006458BDB40DF54D8513AA7372EF86318F1584B9DC0C7F356DBB2A94ACBA1
                                Function 08BB96E0 Relevance: .1, Instructions: 113COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b5ea1602c0b1ec04b6ece99bcf264b9ff0973dae0d707611a13c024785f92673
                                • Instruction ID: fdc9528f4e14fc07495784ad852c4bc5c7a96c640d5469dd21c0d6ef67d72d2a
                                • Opcode Fuzzy Hash: b5ea1602c0b1ec04b6ece99bcf264b9ff0973dae0d707611a13c024785f92673
                                • Instruction Fuzzy Hash: 28410775E012089FCB05CFA9D840AEDBBF2FF89301F1484AAE914A7351E7759A45CB90
                                Function 08BBFCE8 Relevance: .1, Instructions: 110COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e74bf94dc09d892629be78ef88145a9d33755a67caf13db081fc557fddd6d4bc
                                • Instruction ID: 06d138c29216fef91b89aa63917774af2ab5ab49d5e88b81421061df00a8070a
                                • Opcode Fuzzy Hash: e74bf94dc09d892629be78ef88145a9d33755a67caf13db081fc557fddd6d4bc
                                • Instruction Fuzzy Hash: D941AF35900645CBDB00DF58D8913EA73B2AF45718F1584B9DC0C7F346DBB2A98AC7A1
                                Function 08BBF688 Relevance: .1, Instructions: 103COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: af16c0063cd8bc01146034a94dff58664727a15a1ee5b838aa8dfe2dbef05592
                                • Instruction ID: c60712cfdf3b61b5464cbf419c9916a69597014f27a70f30afd98c9a7a05b0f6
                                • Opcode Fuzzy Hash: af16c0063cd8bc01146034a94dff58664727a15a1ee5b838aa8dfe2dbef05592
                                • Instruction Fuzzy Hash: D8410D79B005099FCB14DF29D884ABEBBB1FF88711F1585A9E9159B3A1CB70EC41CB90
                                Function 08BB92D8 Relevance: .1, Instructions: 99COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d1091955a49e820c4d4b0f987a521bd9eb536d7b942bc69a34f82db66d47274a
                                • Instruction ID: 3d4897feddd6fec6c408ba94b7f327bcfc2d07dbc5f6c608238d388977ad0753
                                • Opcode Fuzzy Hash: d1091955a49e820c4d4b0f987a521bd9eb536d7b942bc69a34f82db66d47274a
                                • Instruction Fuzzy Hash: 92312835E01209EFCB05CFA4D9549EEBBB6FF89301F10846AE905A7361EB759D06CB90
                                Function 08BB9C48 Relevance: .1, Instructions: 88COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ebaafbb08efa1c0e4e92721e2f2e3657a93634c10bd99dd64927ba1f6eb69ec0
                                • Instruction ID: 01ce7a04f70550634aae7125961de70415d26ba6b504b4433e4cc94cc4417277
                                • Opcode Fuzzy Hash: ebaafbb08efa1c0e4e92721e2f2e3657a93634c10bd99dd64927ba1f6eb69ec0
                                • Instruction Fuzzy Hash: 67310234D00218AFCB04CFA8D848AEEBBB1FF49311F1480A9E505AB261D7759944CF90
                                Function 00CDD4C4 Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052489802.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_cdd000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 40dd716cc9ef7eaf6c47efaac01fccf181db32e1bdffacdb39c1b524f3f5ad7f
                                • Instruction ID: 28b2a49fbff412977ce3f17b131b40f486800b0a423c35af9f924125b8ce27e4
                                • Opcode Fuzzy Hash: 40dd716cc9ef7eaf6c47efaac01fccf181db32e1bdffacdb39c1b524f3f5ad7f
                                • Instruction Fuzzy Hash: 47213AB1940240DFCB15DF14E9C0F26BF65FB98318F20C56AEA0A0B356D33AD956D7A2
                                Function 00CDD3D8 Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052489802.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_cdd000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3037f15fc919fef939c7d0f76ba0cf473fe23622e5c02c73e5d657c614690a5f
                                • Instruction ID: d5799f1d680b30d2a8c77cfee9e7732d74917534533cb71e2facc81dd8cd873d
                                • Opcode Fuzzy Hash: 3037f15fc919fef939c7d0f76ba0cf473fe23622e5c02c73e5d657c614690a5f
                                • Instruction Fuzzy Hash: E621F871904204DFDB15DF14D9C0F26BF65FB98324F24C56AEA0A0B356C33AE856DBA2
                                Function 08BB9C39 Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dc601ca0e5b555fbd49c836b94d83ac31efb329cb17eddb1519174ddff8a2934
                                • Instruction ID: dad90035f1a8f071a4dca4a83fe4623b85b988d8287549fd1d88d3338a5c0764
                                • Opcode Fuzzy Hash: dc601ca0e5b555fbd49c836b94d83ac31efb329cb17eddb1519174ddff8a2934
                                • Instruction Fuzzy Hash: 85312471D00218AFDB14CFA9D848BEEFBB1FF88311F048169E505AB361D7799984CB90
                                Function 08BB9E51 Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2441b24fa5c7c2a1db93f6c8b8e4294aacf283ebab53bf43f52352061755280d
                                • Instruction ID: 7dbfbe9f9fe204562c84d25e77215e5e3c694ff1b6cf46a0710f9f601927309b
                                • Opcode Fuzzy Hash: 2441b24fa5c7c2a1db93f6c8b8e4294aacf283ebab53bf43f52352061755280d
                                • Instruction Fuzzy Hash: C531B2B5D01209AFCB04CFA9D594AEDBFB1FB58311F10816AE919A7350EB345A45CF90
                                Function 08BBB268 Relevance: .1, Instructions: 73COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4c426a5643b835b9a8f576bb5ca957b394cc91b915afc20805c69fdadcce5eda
                                • Instruction ID: 390a15bb6450f04a4a0579d6a785926df199b36814de7a6abd13993113a1abd9
                                • Opcode Fuzzy Hash: 4c426a5643b835b9a8f576bb5ca957b394cc91b915afc20805c69fdadcce5eda
                                • Instruction Fuzzy Hash: F3217F75B40109CFCB10DFA8C884AAE7FB1EF48321F5540A9E805DB361D671ED81CB61
                                Function 00CED01C Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052533425.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ced000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 143d2b7c83fe8f30301b3346d3e4bbf3d7215e9dc67d05884a0e09f0947f85a9
                                • Instruction ID: 7ff28ad15f7f968203b0c5229bf5d1f2c65647e030b9b030b4c0095a548447c9
                                • Opcode Fuzzy Hash: 143d2b7c83fe8f30301b3346d3e4bbf3d7215e9dc67d05884a0e09f0947f85a9
                                • Instruction Fuzzy Hash: 4D21F271604284DFCB14DF25D9C4B26BF65FB88314F28C569E90A4B296C33AD807CA62
                                Function 00CED1D4 Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052533425.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ced000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 11dcecaa5d2c531e9a4fc15058fe21ffe1326a0dc98e0014ea1f4d847ecf3dd8
                                • Instruction ID: 0b198c1f10187f67ca8cd32df753d0eee65bafdd0163cf013e8d32f7652947f1
                                • Opcode Fuzzy Hash: 11dcecaa5d2c531e9a4fc15058fe21ffe1326a0dc98e0014ea1f4d847ecf3dd8
                                • Instruction Fuzzy Hash: 30210475504284EFDB05DF25D9C0F26BBA5FB88314F20C5ADEA0A4B296C33ADC46DA61
                                Function 08BB9E60 Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cf52f538f24b009ff23e1810f9720a9752ad7fa70c5df7af25cecb56d9d5e786
                                • Instruction ID: 9d116311c7e7d6f100641cbb035000b7e73e405812da252a64d39ad714674085
                                • Opcode Fuzzy Hash: cf52f538f24b009ff23e1810f9720a9752ad7fa70c5df7af25cecb56d9d5e786
                                • Instruction Fuzzy Hash: 8131B074D00209AFCB04CFA9D5949EEBFF1FB98300F10806AE91AA7350EB346A45CF90
                                Function 08BB9870 Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f995238807c21372cf8b4e30022549263ecd89a049b4153e268073c0a4892f6e
                                • Instruction ID: 584628a185dcc8531e525a2ba2ba731190db16032705025e32901935af44271a
                                • Opcode Fuzzy Hash: f995238807c21372cf8b4e30022549263ecd89a049b4153e268073c0a4892f6e
                                • Instruction Fuzzy Hash: 9421C035D00209EFDF05CFA5D944ADEBBB2FF89311F10802AE915A7360DB76A956DB80
                                Function 00CED005 Relevance: .1, Instructions: 62COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052533425.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ced000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 57837b697f10bac818b1f0a8b459cb24bc254e86979b3b5cc24bd7e57c2a17a0
                                • Instruction ID: b12e832e64e8c5015cb4b36d9df506f5a904598f436d060f5b00e88b6e9128be
                                • Opcode Fuzzy Hash: 57837b697f10bac818b1f0a8b459cb24bc254e86979b3b5cc24bd7e57c2a17a0
                                • Instruction Fuzzy Hash: 5E216F755093C08FDB12CF24D994715BF71EB46314F28C5EAD8498F6A7C33A990ACB62
                                Function 00CDD3D3 Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052489802.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_cdd000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction ID: db241345b0c083f06e4db6ff298a718bab0c98488a6b78591ca5a50041c44c0a
                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction Fuzzy Hash: EF112672804240DFCB12CF00D5C4B16BF71FB94324F24C6AAD90A0B356C33AE95ACBA2
                                Function 00CDD4BF Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052489802.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_cdd000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction ID: 7acaf40467140ca6288f69544e123297ac303abe819d73e69dfcc3356569b127
                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction Fuzzy Hash: 8A1126B2804280CFCB12CF10D5C4B16BF71FB98314F24C6AAD94A0B356C336D95ACBA2
                                Function 00CED1CF Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052533425.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ced000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                • Instruction ID: 471378391b7040ecc7e481898c364918a29be5812514083bfed444689a24c90e
                                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                • Instruction Fuzzy Hash: 0811BB75504280DFCB02CF10C5C4B15BBA1FB84314F24C6A9D94A4B296C33AD84ACB62
                                Function 08BB9DB0 Relevance: .0, Instructions: 49COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 609f70b7fe77fe807586e9ad3da43588bd74ec9988e5669968220dd01f1d5ca9
                                • Instruction ID: d39f83df416c673e0acea528477f5eccdc0b8134fcd9391be3e6ec75a1d9e394
                                • Opcode Fuzzy Hash: 609f70b7fe77fe807586e9ad3da43588bd74ec9988e5669968220dd01f1d5ca9
                                • Instruction Fuzzy Hash: 521151B1905349DFCB12CFA8C444B9EBFB1EF46300F1585DEE504AB2A2D7368A44CB91
                                Function 08BB9DD0 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 11df995d01aa8c0eeffcc26080924cb9d4f8961951f74837d8bd219c8db9eacb
                                • Instruction ID: 5df4684fdf457bab7abfcca900c2a71d5cde09def7d4240d200c1c59343bad5f
                                • Opcode Fuzzy Hash: 11df995d01aa8c0eeffcc26080924cb9d4f8961951f74837d8bd219c8db9eacb
                                • Instruction Fuzzy Hash: 4F01D0B5C01209DFCB41DFA8C545AAEBFF1FF48301F1085A9E508A7260E7358A50DF91
                                Function 08BB9F49 Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f7d932e325f28c9e0c6531f2cffa1a1ac8ef123c407b90f72b6a7788fccf3429
                                • Instruction ID: dd84ee2c3c73c05c658dd7bf6a4641ca6a05f04b26868a46537c105bebfaca22
                                • Opcode Fuzzy Hash: f7d932e325f28c9e0c6531f2cffa1a1ac8ef123c407b90f72b6a7788fccf3429
                                • Instruction Fuzzy Hash: 34F09D79D002089FDF00CFA8E9946EDBBB0FB58211F5041A9E911B3340E735AA518F60
                                Function 08BBB262 Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4c5c6c2ce18f14c214cde535b3a711d0ec39d4d90d13f8c63e9612909f872abc
                                • Instruction ID: 98e6f9f4c417a2bb27d877fa4ca436ff6b80f0b146e6285e6d49e11fbddd6edb
                                • Opcode Fuzzy Hash: 4c5c6c2ce18f14c214cde535b3a711d0ec39d4d90d13f8c63e9612909f872abc
                                • Instruction Fuzzy Hash: 70E0863160020CABDF106AE5EC49AFFBF68DB44272F448075ED0591111D6B1D518C5B1

                                Non-executed Functions

                                Function 06E992B0 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: s@-n
                                • API String ID: 0-2725530398
                                • Opcode ID: 57082d636589dedeb5fe76598513f4648d5d80bf03fe57d9fabee12a37de8a41
                                • Instruction ID: 1b52362dd70ff236dff88f817fe90b681cdd35ac9d3965528805954fe8e8374f
                                • Opcode Fuzzy Hash: 57082d636589dedeb5fe76598513f4648d5d80bf03fe57d9fabee12a37de8a41
                                • Instruction Fuzzy Hash: C5E11974E002598FDB54DFA9C5809AEFBF2BF89305F24C169E414AB356D730A942CFA1
                                Function 06E992A0 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: s@-n
                                • API String ID: 0-2725530398
                                • Opcode ID: 948adb8b9a3fd6999857b6d16eeae66e143fc1041f0461ffc71724cb8d957cdd
                                • Instruction ID: 8b08da748224b6dd6105ea327a6ba0670cd814930d01091c1804525f49e6ee9f
                                • Opcode Fuzzy Hash: 948adb8b9a3fd6999857b6d16eeae66e143fc1041f0461ffc71724cb8d957cdd
                                • Instruction Fuzzy Hash: 79510D74E002198FDB55DFA9C9805AEFBF2BF89305F24C169D418A7356D730A942CFA1
                                Function 06E9F158 Relevance: .3, Instructions: 340COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 76ca26ccc4cd3f64615e9ac62a59582cf8ae6b0599481f01757d9f42339ccc08
                                • Instruction ID: 3927609b65534296293d49e75607bd61b4be6740bc708ca971967ab3e8bb2bdc
                                • Opcode Fuzzy Hash: 76ca26ccc4cd3f64615e9ac62a59582cf8ae6b0599481f01757d9f42339ccc08
                                • Instruction Fuzzy Hash: 01C1DD30B017548FEBA9DB76C910BAE77EAAFC9704F14546DD106DB291DB34E802CB62
                                Function 06E98608 Relevance: .3, Instructions: 312COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f05f3e1849bcbea749d4102925ec856e77959773c737fb47658b7010cf5427a7
                                • Instruction ID: 300aa73fac61955e9f37da5529ca79bd732485dca1878a9da56dfb3edc7857bf
                                • Opcode Fuzzy Hash: f05f3e1849bcbea749d4102925ec856e77959773c737fb47658b7010cf5427a7
                                • Instruction Fuzzy Hash: C5E10674E102198FCB54DFA8C5809AEFBF2BF89305F24D569E814AB356D730A941CFA1
                                Function 06E9A550 Relevance: .3, Instructions: 312COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4cd17359fa0c0f4cd831d8bfc92c6ef69e4c2bd8e64f7d5be9f6a8c5dd41adae
                                • Instruction ID: 181fb2921e5b0ccafe4a50b0ab2962fdf949291f68eb496c1231a849f163c980
                                • Opcode Fuzzy Hash: 4cd17359fa0c0f4cd831d8bfc92c6ef69e4c2bd8e64f7d5be9f6a8c5dd41adae
                                • Instruction Fuzzy Hash: 95E1F874E002598FCB54DFA8C5809AEFBF2BF89305F24D169E814AB356D731A942CF61
                                Function 06E98E78 Relevance: .3, Instructions: 312COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 998c530d47e4e193abc1fd1781fa8200c24db9e7f93be1733eab639e560f6417
                                • Instruction ID: e77f4cf9003356d33a1b35246ae8b29ca018d63b11a8c352970ef186ecc3a932
                                • Opcode Fuzzy Hash: 998c530d47e4e193abc1fd1781fa8200c24db9e7f93be1733eab639e560f6417
                                • Instruction Fuzzy Hash: 19E10574E002198FCB54DFA9C5809AEFBF2BF89305F24D169E814AB356D731A941CFA1
                                Function 06E98A40 Relevance: .3, Instructions: 312COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 653c8731121a91d7361522b13e67f0955d82637ab54cfaaecedc2dea034b1475
                                • Instruction ID: 4d73e5fe65c6ed79a8cd81888538e54e30778637205b64d130e1710bd5719e96
                                • Opcode Fuzzy Hash: 653c8731121a91d7361522b13e67f0955d82637ab54cfaaecedc2dea034b1475
                                • Instruction Fuzzy Hash: D6E10774E002598FCB54DFA8C9809AEFBF2BF89305F24D569E414AB35AD730A941CF61
                                Function 00EEE0B4 Relevance: .3, Instructions: 264COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2052766286.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_ee0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 94b06aee3256606a5692360d8916b8d27dd5982ca7924ffeff27869d2efa8a53
                                • Instruction ID: 5452cfa91c877189eba78400e15b058791d7aad34d8ccba0ca305a37ad5f64c1
                                • Opcode Fuzzy Hash: 94b06aee3256606a5692360d8916b8d27dd5982ca7924ffeff27869d2efa8a53
                                • Instruction Fuzzy Hash: ECA15B32E002598FCF09DFB6C84459EB7B2FF85304B25957AE805BB265DB35E945CB80
                                Function 06E90B98 Relevance: .2, Instructions: 216COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2056777705.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6e90000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a2c4dc984b57b88ec5cb69ec8d6845e4313b6daaeef42f7d066738666d463bab
                                • Instruction ID: d608859dcdb349a7a5b0cc51ac19cdfb6024a537ed88342b2acb51a338a89278
                                • Opcode Fuzzy Hash: a2c4dc984b57b88ec5cb69ec8d6845e4313b6daaeef42f7d066738666d463bab
                                • Instruction Fuzzy Hash: 2291F070D05219DFEFA4CFAAC8847EDBBB6BF49304F40A069E419AB251DB305985CF60
                                Function 08BB51C1 Relevance: 6.3, Strings: 5, Instructions: 67COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q$4']q$4']q$4']q
                                • API String ID: 0-4248691736
                                • Opcode ID: 6602fac939663b0fbad94dd0e465c66903d150618ed7b4430b6e9df3fd916efc
                                • Instruction ID: f5498ba07b04bbce9e19a29a3b45ba3d83f314cb1b04a92d9ae86b28bc2636de
                                • Opcode Fuzzy Hash: 6602fac939663b0fbad94dd0e465c66903d150618ed7b4430b6e9df3fd916efc
                                • Instruction Fuzzy Hash: 8A217430A0010A9FCB0CEFA9E5519EE7BB6FFC0704F104569824567265EF34AA09CB92
                                Function 08BB51D0 Relevance: 6.3, Strings: 5, Instructions: 62COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q$4']q$4']q$4']q
                                • API String ID: 0-4248691736
                                • Opcode ID: 16e0a34ee313ab6696df6d6feb2e3e030e7de4c87489dff84321cfcd40b24bc1
                                • Instruction ID: 073b7010d466def83c923f7682404d847c9aea506908b078e2e23c8015560a50
                                • Opcode Fuzzy Hash: 16e0a34ee313ab6696df6d6feb2e3e030e7de4c87489dff84321cfcd40b24bc1
                                • Instruction Fuzzy Hash: 95214530B0110A9FDB0CEFA9E5519EE7BB6FFC0704F1044A981456B265EF74AE05CB92
                                Function 08BBEB20 Relevance: 5.2, Strings: 4, Instructions: 150COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2057303306.0000000008BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_8bb0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q$4']q$$]q
                                • API String ID: 0-3694760048
                                • Opcode ID: f6bf3641a91537bdfec31b3e9267fb7b8fc3dd3f4324b0709a35aadbfa13105f
                                • Instruction ID: 8ebc0521330aecf1b1082173d9129f78c872b9d11869e6f79061cdc0d4166c63
                                • Opcode Fuzzy Hash: f6bf3641a91537bdfec31b3e9267fb7b8fc3dd3f4324b0709a35aadbfa13105f
                                • Instruction Fuzzy Hash: C2416E303405158FCB299A799894ABE36D7FFC864172908ADE006CB3B5DEA5DC468791

                                Executed Functions

                                Function 02BC5F98 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: \V%m
                                • API String ID: 0-324988934
                                • Opcode ID: 5bc3980e8e5850775b2446b962d7f3553d3823113cd9b144706ab7dddb2efd63
                                • Instruction ID: e982a45866fdc9f0a4593099cdecfcc73a15358eb41b45f55f4f39ea2c805819
                                • Opcode Fuzzy Hash: 5bc3980e8e5850775b2446b962d7f3553d3823113cd9b144706ab7dddb2efd63
                                • Instruction Fuzzy Hash: E9B12D70E002098FDB14CFA9C985BADBBF6EFC8714F24816DD855AB354EB749885CB81
                                Function 02BC6868 Relevance: .3, Instructions: 266COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3d5964468ec69b0cffa8905d5d51554a29feccfd37e6f7473350c35484b04fb7
                                • Instruction ID: 41818ee870300528c44025a0368bf4b5c0da49661c1beebee286c560971f1d34
                                • Opcode Fuzzy Hash: 3d5964468ec69b0cffa8905d5d51554a29feccfd37e6f7473350c35484b04fb7
                                • Instruction Fuzzy Hash: BFB14D71E00209CFDF14CFA9C985BADBBF6EF88714F24816DD419A7294EB749885CB81
                                Function 02BC1727 Relevance: 5.4, Strings: 4, Instructions: 444COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: a]q$ a]q$,$xaq
                                • API String ID: 0-452644037
                                • Opcode ID: 17dd4054ef52abeb19c6626c509c61b8281794f93013d15162fa3c67afb6d1a2
                                • Instruction ID: c5733be016d1a67d9730374db07906421582b9e057f0be1e9271136cdfc9de7d
                                • Opcode Fuzzy Hash: 17dd4054ef52abeb19c6626c509c61b8281794f93013d15162fa3c67afb6d1a2
                                • Instruction Fuzzy Hash: 7D029B70700205DFC719EF68D494B6A7BE6FF84304F20896DD506AB3A9EB75AC46CB81
                                Function 02BC1962 Relevance: 3.9, Strings: 3, Instructions: 183COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: a]q$ a]q$xaq
                                • API String ID: 0-315583803
                                • Opcode ID: 3b76ce32eae9e55ddec6350de2d902b124dd72445c3d4451fdd01382a9d7019c
                                • Instruction ID: aabac31d4166a9978da532cee2964e843d811d6074d4a049ac522a190163868a
                                • Opcode Fuzzy Hash: 3b76ce32eae9e55ddec6350de2d902b124dd72445c3d4451fdd01382a9d7019c
                                • Instruction Fuzzy Hash: 9C619A75700201DFC319AF28E494B5A7BE6FF84314F20896DD1069F3A9EBB5AD46CB80
                                Function 02BC0EBA Relevance: 3.9, Strings: 3, Instructions: 166COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: (aq$Te]q$d6p
                                • API String ID: 0-967301506
                                • Opcode ID: b23df35fb624e0e9939ccd41e96af6bb8e3c78bceb463afc4872c294ee9a8e54
                                • Instruction ID: 52f85346f48753e537d1c9272ffba4525433cc11dd9174c3d41f7d65bd0d8575
                                • Opcode Fuzzy Hash: b23df35fb624e0e9939ccd41e96af6bb8e3c78bceb463afc4872c294ee9a8e54
                                • Instruction Fuzzy Hash: 78516D34B101149FC754DF6DC498AAEBBF6FF89710F258099E406EB3A5CA75EC028B90
                                Function 02BC0D20 Relevance: 2.6, Strings: 2, Instructions: 133COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Haq$dLcq
                                • API String ID: 0-1713614415
                                • Opcode ID: 444f50dc61ee6252307931f7f50fe0f11f9698f97d6619c792a8dc187a066c43
                                • Instruction ID: ddb38313b780f3ff49e38c7bc207124920af66db9ae963e859e17f98ac793cae
                                • Opcode Fuzzy Hash: 444f50dc61ee6252307931f7f50fe0f11f9698f97d6619c792a8dc187a066c43
                                • Instruction Fuzzy Hash: 7341D231B042059FCB159F69D454BAEBBF6EF89304F1448AAE506DB3A1CB35EC05CB91
                                Function 02BC9520 Relevance: 2.6, Strings: 2, Instructions: 111COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: $]q$$]q
                                • API String ID: 0-127220927
                                • Opcode ID: 49fcb32287199f095a9ebb75a89a79e20c0522272ee7a4743049a2c023cfe188
                                • Instruction ID: 58f50ba22bd72d1edddef07aa0487b02cd89a8548cfa3048cb0acc995f4c239a
                                • Opcode Fuzzy Hash: 49fcb32287199f095a9ebb75a89a79e20c0522272ee7a4743049a2c023cfe188
                                • Instruction Fuzzy Hash: B8414730708A41DFD7086F6A9198539BBB6FB8470577988A9E0168B395CF36DC22CB85
                                Function 02BC8B27 Relevance: 2.6, Strings: 2, Instructions: 55COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: 34aaf778866599cc02e05b64617d1d1c57c73fb7ce42de4fad862e7929711f47
                                • Instruction ID: eb5399533887c80ccbc09ea1e062f8e39b90c271463e9400d775b7461b05bd06
                                • Opcode Fuzzy Hash: 34aaf778866599cc02e05b64617d1d1c57c73fb7ce42de4fad862e7929711f47
                                • Instruction Fuzzy Hash: A111C130A041159FCB19EFBCF491BAD7FA6FF81718F1045A9D0459B3A8DF39A8098792
                                Function 02BC5F8C Relevance: 1.5, Strings: 1, Instructions: 291COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: \V%m
                                • API String ID: 0-324988934
                                • Opcode ID: 554b2af991adeb7e0c9259dffe4fa17127cbb63b6d104f0f462c27f643bf507e
                                • Instruction ID: 4cc8351f3e4fb1137a8e95325127f2482015d2d636b69f4f56f3f4a47e486d40
                                • Opcode Fuzzy Hash: 554b2af991adeb7e0c9259dffe4fa17127cbb63b6d104f0f462c27f643bf507e
                                • Instruction Fuzzy Hash: C5C11A70E00209CFDF14CFA8C985B9DBBF6EF88315F24816DD859AB254EB749885CB91
                                Function 02BC9CB0 Relevance: 1.5, Strings: 1, Instructions: 213COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: xaq
                                • API String ID: 0-793007810
                                • Opcode ID: 978548690cd870381804d93e3ef259ce57764e8fed52962be9fb585c2df4d35e
                                • Instruction ID: 0a72ea62f8d9d71f4160b480aca574d67b7b2a18bc239e1c927df0e56fe388df
                                • Opcode Fuzzy Hash: 978548690cd870381804d93e3ef259ce57764e8fed52962be9fb585c2df4d35e
                                • Instruction Fuzzy Hash: C49199B0500201CFE724DF28E5647653BBAF7A8318F2455AEC4118BB88E7B6BA45CFD1
                                Function 02BC9A58 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: d01971c76b84bddc5e45106cf324db65356886faac877cff032679314d57b9b2
                                • Instruction ID: 19cab06eab75ea9f5ea5d3cde96e2c9aad62dbda28543c4254c08e3b80112629
                                • Opcode Fuzzy Hash: d01971c76b84bddc5e45106cf324db65356886faac877cff032679314d57b9b2
                                • Instruction Fuzzy Hash: EE519C75600605DFE714DF69C998BAABBF2FF48714F204199E512AB3E4CBB1AC41CB80
                                Function 02BC9509 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: $]q
                                • API String ID: 0-1007455737
                                • Opcode ID: e8ddb11e859bace7ea8df61ffec15d8e7a9903117fe63c7b721629c096671323
                                • Instruction ID: c740822306f4a7d16653ec922fc596551ae60b46aa1fd19c247ef61337f8146c
                                • Opcode Fuzzy Hash: e8ddb11e859bace7ea8df61ffec15d8e7a9903117fe63c7b721629c096671323
                                • Instruction Fuzzy Hash: 7B41AD30608A41DFD7096F6E9188138BBB6FF847057398CAAE0468B395CF369C13CB85
                                Function 02BC1339 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: LR]q
                                • API String ID: 0-3081347316
                                • Opcode ID: 970e97620f87188e8a65c1eaa17e3f3ff615374e1a76beb24e9f9c2aa3a2b2ea
                                • Instruction ID: 5743651e39b25d6d386026f2d242d66d484ef0bc7596dfb27b425dd12a57cc0e
                                • Opcode Fuzzy Hash: 970e97620f87188e8a65c1eaa17e3f3ff615374e1a76beb24e9f9c2aa3a2b2ea
                                • Instruction Fuzzy Hash: 17319F30F102169FCB549B7C855066E7BF2BFC9204B2480ADE54AEB365EE30DC02CB91
                                Function 02BC0D10 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: dLcq
                                • API String ID: 0-2236789282
                                • Opcode ID: 6dd5bd11aac5cd2db3fd48dee4cb5dbddc1076aa688eb69c54b031a94641b4df
                                • Instruction ID: 0ff4573ab06b60f3b9d7548cc5027fa245ac93d62561dd3d3d5412533197a9f2
                                • Opcode Fuzzy Hash: 6dd5bd11aac5cd2db3fd48dee4cb5dbddc1076aa688eb69c54b031a94641b4df
                                • Instruction Fuzzy Hash: 2F316D71A002059FDB14EF69C498B9EBBF6EF48204F2485A9E401AB361CB75ED45CB91
                                Function 02BC9438 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 8a69fe83e81b0d7a7837a56a89338717a56de4caafe23241c05eef9894a8072e
                                • Instruction ID: 8f3e028cb8763fdf560225b84f28f66011a9265a1f136332b3ed30af44f196b9
                                • Opcode Fuzzy Hash: 8a69fe83e81b0d7a7837a56a89338717a56de4caafe23241c05eef9894a8072e
                                • Instruction Fuzzy Hash: 97216D307105108FEB249B68D558BAE7BF6AF88B11F24419AE502DB3A5CF719C00CB91
                                Function 02BC35C9 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: |
                                • API String ID: 0-2343686810
                                • Opcode ID: 8da5861fac38e5a9eb9cf31ba9f49fe6b1ff992f37286e4b09c2a2744afe3456
                                • Instruction ID: ad45a623cd36fe8d6154f69f67d815d26a429a19b2c556b98fd998f68ad46018
                                • Opcode Fuzzy Hash: 8da5861fac38e5a9eb9cf31ba9f49fe6b1ff992f37286e4b09c2a2744afe3456
                                • Instruction Fuzzy Hash: 3B116A75F042149FDB50EF78D904B6D7BF6AB48710F2084AEE94AD73A4EB35A900CB91
                                Function 02BC993F Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 8de8d0de371b0aecea8330e336f9b047e816471d82741a6310f2def099fb2e85
                                • Instruction ID: d7fff4b871a0c24e1b6471e1c1bea7310daa3948cae5d4d4e107d0fb6f066630
                                • Opcode Fuzzy Hash: 8de8d0de371b0aecea8330e336f9b047e816471d82741a6310f2def099fb2e85
                                • Instruction Fuzzy Hash: 45119370B40201DFD718DF68C499BBDBBE6AF88710F24409EE506EB3A5CAB19C41CB90
                                Function 02BC9950 Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: bf396772c847a46b571735c18a8490e64553db64e6c74b53625579527a7c16b1
                                • Instruction ID: 9d15c086ff1895b14a8851a9b19648f459c29d9b5df297109624721dc990b910
                                • Opcode Fuzzy Hash: bf396772c847a46b571735c18a8490e64553db64e6c74b53625579527a7c16b1
                                • Instruction Fuzzy Hash: CC114F70B40104DFDB189F69C499BBEBBE6EF88710F244099E502AB3A5CEB19C41CB90
                                Function 02BCA470 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 19a5b19e8dca256703e8be59d50fb9cb17ba1c21c09c8d668f0704b5b577adaa
                                • Instruction ID: 4e059ffbe58321852067c17a516e0195ce574ba2616b967fc56cd6d0d224c629
                                • Opcode Fuzzy Hash: 19a5b19e8dca256703e8be59d50fb9cb17ba1c21c09c8d668f0704b5b577adaa
                                • Instruction Fuzzy Hash: 34119A70B001049FDB189F28C959BAE7BF2EB88710F2040ADE502EB3A1CF755C02CB80
                                Function 02BC0E3F Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: Haq
                                • API String ID: 0-725504367
                                • Opcode ID: c675a1992f91d31fbb4acf058d22a0fad83685f38052205a922769be8d6e7053
                                • Instruction ID: ea9064e1fdae1ed53f5252353540119a4f5143408c37d8c69be6d3cf60c6560c
                                • Opcode Fuzzy Hash: c675a1992f91d31fbb4acf058d22a0fad83685f38052205a922769be8d6e7053
                                • Instruction Fuzzy Hash: EFF04C303482541FC346673D585056E7FDB9FD611035504EAE149CB396DD259C078391
                                Function 02BC8F80 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID: LR]q
                                • API String ID: 0-3081347316
                                • Opcode ID: 8032eb93896537d47c325450f1d26c89de94d288b7a9715cd86771680fe69bbe
                                • Instruction ID: 31a0b58c7fb4535b4b1ccc1e93a73c3c3bb918e836832314e98ade0ef8384b2e
                                • Opcode Fuzzy Hash: 8032eb93896537d47c325450f1d26c89de94d288b7a9715cd86771680fe69bbe
                                • Instruction Fuzzy Hash: 65016D71B001159FDB45EBA898016BE77F6FB88710F2044ADE54AEB290EB70AA01CBD5
                                Function 02BC2D63 Relevance: .3, Instructions: 297COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 259245f486a4799f13f4f5d5a6c8626d16e014344cdd217f17b0a4279e31b0c9
                                • Instruction ID: 25aaf58cb12e15499345110d186c86551266164951dcaebbc7a1fca6d36790ec
                                • Opcode Fuzzy Hash: 259245f486a4799f13f4f5d5a6c8626d16e014344cdd217f17b0a4279e31b0c9
                                • Instruction Fuzzy Hash: 96C1C571A053918FDB06EF38E464A997F76FF85314F14866EC4018B3AAEB349849CBD1
                                Function 02BC685F Relevance: .3, Instructions: 258COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c794cf9c3814c61269d3908e616c93e301e03bab1f3bcbdb8f8fd8db55cc6aae
                                • Instruction ID: 7a730c6f1112d2ad37c116540ec6aea087b26184724614f14ebb57e44b0e088b
                                • Opcode Fuzzy Hash: c794cf9c3814c61269d3908e616c93e301e03bab1f3bcbdb8f8fd8db55cc6aae
                                • Instruction Fuzzy Hash: 84A13C70E00209CFDF14DFA8C985BADBBF5EF88714F24816DD819A7254EB749885CB91
                                Function 02BCA0A8 Relevance: .3, Instructions: 251COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d3d9a7a94aeb982ff05050a65ef9deaa8c24cffbf78769d08a623c1965a7f4d2
                                • Instruction ID: 7d535562b9c4a9bc5c7e5a3c1efa3c701099d637ddf9d6ad56ec581339999654
                                • Opcode Fuzzy Hash: d3d9a7a94aeb982ff05050a65ef9deaa8c24cffbf78769d08a623c1965a7f4d2
                                • Instruction Fuzzy Hash: C8A1A0717002058FCB09EF78E49465D77F6EF88708B2089ADD9069B359EF34AC4ACB81
                                Function 02BC2E38 Relevance: .2, Instructions: 227COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 51941fd827d6685793ede6c1fc85f892d6a0829390273799886fdad40119d58b
                                • Instruction ID: d57a151331df5e2d5f1714dcaa42c7fad381c5a87d24afa0fee3f9ad4b71bd70
                                • Opcode Fuzzy Hash: 51941fd827d6685793ede6c1fc85f892d6a0829390273799886fdad40119d58b
                                • Instruction Fuzzy Hash: 70A16E75A003419FCB05EF34E448A5E7BB6FF84354B208A6DD5068B359EB35A94ACFC0
                                Function 02BC36A0 Relevance: .1, Instructions: 121COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 524800c2a4c80739a121988f873bb1d61a3143934436400bf4e71041596533f9
                                • Instruction ID: 98b3b6d5bd42f11f470594bf55a624b616dd3be99076a113360b6abee23b5857
                                • Opcode Fuzzy Hash: 524800c2a4c80739a121988f873bb1d61a3143934436400bf4e71041596533f9
                                • Instruction Fuzzy Hash: 8A419F71B042498FCB14EF79D4946AEBBE6EFC9214F64846ED50A97340DF34A806CB91
                                Function 02BC96D3 Relevance: .1, Instructions: 120COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 013d07dc8995a9495eaf6e93a23e7d1b9fac752185bc2878e477dfe3398fafd3
                                • Instruction ID: f36672493fedef5be8d7b25483b4839bbd69f924ff003b3e0ab3b4248f0ff650
                                • Opcode Fuzzy Hash: 013d07dc8995a9495eaf6e93a23e7d1b9fac752185bc2878e477dfe3398fafd3
                                • Instruction Fuzzy Hash: F9418C34601505DFDB04EF68C984E6ABBB2FF44315F6184E9E415AB7A2DB31ED01CBA1
                                Function 02BC0AA0 Relevance: .1, Instructions: 118COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2ac4cfec4b0ee6a6d7e4e6a640968326f223ca973878c2520dcf29ec17394486
                                • Instruction ID: 6bf1a8d040a282573dd753d92e43d880ac26fc586bc8764fd6430f79fbf243ab
                                • Opcode Fuzzy Hash: 2ac4cfec4b0ee6a6d7e4e6a640968326f223ca973878c2520dcf29ec17394486
                                • Instruction Fuzzy Hash: 9651D33A600211CFC71AEF24F5849497B7BFF94386B508669D4428B36DEB35A946EFC0
                                Function 02BC11D0 Relevance: .1, Instructions: 114COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7785043007754acc94e9471ddf74d5af543c74fffdb6731d766e6e9fa9676b36
                                • Instruction ID: 53a63bcee8b041ba2df6adba96c7f856b357f31a37a35df337ce167795fdab1f
                                • Opcode Fuzzy Hash: 7785043007754acc94e9471ddf74d5af543c74fffdb6731d766e6e9fa9676b36
                                • Instruction Fuzzy Hash: 49415170B00219AFCB44EFBD855466EBBFAFF88300F608569D449D7345DA349D42CB95
                                Function 02BC40B8 Relevance: .1, Instructions: 90COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e295fbf8c380f21d27fc910626c59581806f9dba7f4f8d74cce943578e6111b7
                                • Instruction ID: 87cf1b09a11eae3b85b1c091f978a4e60011d2e46fc1bc4fd3fece39bdbbb948
                                • Opcode Fuzzy Hash: e295fbf8c380f21d27fc910626c59581806f9dba7f4f8d74cce943578e6111b7
                                • Instruction Fuzzy Hash: 0441EFB0D003499FDB10DF99C594ADEBFF5FF48314F248069E809AB254DB75AA85CB90
                                Function 02BC40AF Relevance: .1, Instructions: 90COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b8c9ca70bbe0f16c95ea509c0489a80e2957080a47f10874fe82333bae28e2d8
                                • Instruction ID: 5caa22a9e34874748ce4b826e485948fbb4a2a7488d15963ce1e7c7ccc12c51c
                                • Opcode Fuzzy Hash: b8c9ca70bbe0f16c95ea509c0489a80e2957080a47f10874fe82333bae28e2d8
                                • Instruction Fuzzy Hash: D14111B0D00308DFDB10DF99C594ADEBFB5FF08314F248029E809AB250DB759A85CB90
                                Function 02BC0998 Relevance: .1, Instructions: 77COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 70b9c5e2b201f05c84f75a12dcdf2473198c1bf757c694acc4bf5877270b2b6e
                                • Instruction ID: 91a4592fbe2f42a6f01b1e436b920fc7627c48498e1a2157b90d0d0e43868466
                                • Opcode Fuzzy Hash: 70b9c5e2b201f05c84f75a12dcdf2473198c1bf757c694acc4bf5877270b2b6e
                                • Instruction Fuzzy Hash: 1F215831700207DFDB68BB79D95872E3BA9EF14349B6058ADF467C2184EB30E541CBA2
                                Function 02BC929B Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 94fc358f66b726ee141da57bcea743dcc45c761901646e57bb8a08d029b8c4c8
                                • Instruction ID: 38106dc02312eda37fa0a89b785d7c6213a3e016fdd54849ce2491f998fb9609
                                • Opcode Fuzzy Hash: 94fc358f66b726ee141da57bcea743dcc45c761901646e57bb8a08d029b8c4c8
                                • Instruction Fuzzy Hash: ED21AF31700615CFDB19AB74C9546AE77B6EF89708F64846CC402EB3A8EF319C42CB91
                                Function 02BC09A8 Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 784307ad8d263220d2dce31f9594d5150d71437452c73d44d24d99ddadeabc93
                                • Instruction ID: 9be9f9079b66d25e494d612b6beacb232be14f787d9efd58e026ef9d87501531
                                • Opcode Fuzzy Hash: 784307ad8d263220d2dce31f9594d5150d71437452c73d44d24d99ddadeabc93
                                • Instruction Fuzzy Hash: 6C214D31710207DFDB68BB79A51872E7AA9EF14345B2058ADB517C2244EF30E501CBA2
                                Function 02BCA09B Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e42471f31e47fd6aafdb41a906f8cf7d9c3c2c5f02cc15fbcdbaa5be852b9bd0
                                • Instruction ID: e760c42931c957c4cbe6916b16185be65b7b4264f173692289b83be30ba32812
                                • Opcode Fuzzy Hash: e42471f31e47fd6aafdb41a906f8cf7d9c3c2c5f02cc15fbcdbaa5be852b9bd0
                                • Instruction Fuzzy Hash: 3211E3357001154BCB18AB78D99066D37AB9F88618B10857DCE06D734AFF30EC0A87D2
                                Function 02BCB450 Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6d7482fc421939ee1295b9838cb79b6c186ed45f1a5b9d5ff71a4ea9ddfefe4f
                                • Instruction ID: 2c04309a5f3655163c3839b9e14d87055a0d1da55c9888d09e3180011013f46d
                                • Opcode Fuzzy Hash: 6d7482fc421939ee1295b9838cb79b6c186ed45f1a5b9d5ff71a4ea9ddfefe4f
                                • Instruction Fuzzy Hash: F311A270A002459FCB05EF78E44059E7BE6AF80314B5046ADC1058B359EB35A90A8FD1
                                Function 02BC1431 Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c8515c7c3126d537c421f9af47f1e2127da5b87ebc378d77d7bf0e2895b162e9
                                • Instruction ID: 9808d7f816f63d0cd5e164799d063628656407d4f35d433df44dc198082e8472
                                • Opcode Fuzzy Hash: c8515c7c3126d537c421f9af47f1e2127da5b87ebc378d77d7bf0e2895b162e9
                                • Instruction Fuzzy Hash: B211CB71A00249CFCB54EBBCD40866A7BF6AF88304B2408BDD409DB349EA31C842DB91
                                Function 02BCB460 Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 96a14e91d8f3ffa09dc99f0ab49dae0a731749ae340f4af99c5f66023c379521
                                • Instruction ID: 1c2e058a92d072e8660c8f9dbf6a9c2ce395e3c4446c206590a1f8d68dd94608
                                • Opcode Fuzzy Hash: 96a14e91d8f3ffa09dc99f0ab49dae0a731749ae340f4af99c5f66023c379521
                                • Instruction Fuzzy Hash: B81194706002459FCB05FB78E44069E7BF6EF85318F6046ADC1058B349EB75AA0ACFD5
                                Function 02BC1440 Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7f8a670c5dfc1ded516ebf29fcc77eba13ed381c8b3451aec174ee0935b72952
                                • Instruction ID: 4736a8cb4d187c0d1ca4a5d78dcad3b690ca71ed9e5d86c8617043af0f5dd510
                                • Opcode Fuzzy Hash: 7f8a670c5dfc1ded516ebf29fcc77eba13ed381c8b3451aec174ee0935b72952
                                • Instruction Fuzzy Hash: B2118B70B00205DFCB54EBBDD40462A7BEAEF8820472408BCD40ADB355EA30DC02CBA0
                                Function 02BC3691 Relevance: .0, Instructions: 48COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 08016ffd39c3f94f340dcc4a7c159af5429c4b81d9f6ac0d15ee6740ad4c3ac3
                                • Instruction ID: 6499eeafa6f18c9d4923ec189b90829f30b67684106a30982c8337af5c0a8c47
                                • Opcode Fuzzy Hash: 08016ffd39c3f94f340dcc4a7c159af5429c4b81d9f6ac0d15ee6740ad4c3ac3
                                • Instruction Fuzzy Hash: 4D01D4313042408BC719AB38E994B3E76D3AFC9254B54457DD50A8B341CF34CC06CB41
                                Function 02BC9010 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5b03f3af3b523b5ffd4a77c9dbc1a7af3a3f0a632a8e94f51cc27ee890226b78
                                • Instruction ID: 63480e2db3d2e7fc828fef444545eb1382c42deb2745ee4ab5ad037939f5e935
                                • Opcode Fuzzy Hash: 5b03f3af3b523b5ffd4a77c9dbc1a7af3a3f0a632a8e94f51cc27ee890226b78
                                • Instruction Fuzzy Hash: 761123B59007498FDB20DF9AC544BDEFBF4FB48324F208459D519A3240C379A944CFA1
                                Function 02BC9008 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8030aeb8155250e74362ad391f4a24faded9e9cb30c2800195d22eb728aeba5a
                                • Instruction ID: 415175bd55a1403abf966c753c2bd88c9672fd3af5f069d9a2ef4cb6bbf8fdb9
                                • Opcode Fuzzy Hash: 8030aeb8155250e74362ad391f4a24faded9e9cb30c2800195d22eb728aeba5a
                                • Instruction Fuzzy Hash: FB1100B59006498FDB20DF99C584BEEBBF4EB48324F20844AC519A3250C378A644CFA1
                                Function 02BC25F1 Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01e8e6621c28b749e2148bd35d9d9b37320848a4881e319b667eb68097f652f3
                                • Instruction ID: 5af9dc64de2531f334065e1ab8f371e3fb138261cf36e8f5eb6a6ca375d8e587
                                • Opcode Fuzzy Hash: 01e8e6621c28b749e2148bd35d9d9b37320848a4881e319b667eb68097f652f3
                                • Instruction Fuzzy Hash: F3E01A7610E3C08FD303AB7898259117F74EF6B608B0A00D7D990CB2A3D218FD19EB22
                                Function 02BC0A8F Relevance: .0, Instructions: 9COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bd2ef5b9a6da0ade476a749d03f9f5846cc250a2c338509574a6884ce2f42dae
                                • Instruction ID: e468dc18ebbf6dbecb964f31571712299ea1310c955bb1b27cf87bd5b492ba50
                                • Opcode Fuzzy Hash: bd2ef5b9a6da0ade476a749d03f9f5846cc250a2c338509574a6884ce2f42dae
                                • Instruction Fuzzy Hash: 29C08C20245107CFD33433B4D01CB2C399AAB50302F14089DB023000A98EB43400C31A
                                Function 02BC0A73 Relevance: .0, Instructions: 9COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e30d4f02304a68532fd7bc0728cfb43edd62bca1a8493ac1e363ec347d739c13
                                • Instruction ID: 1c7f6a043364f4c260fe5c1027a3fd96314dd19d65e7a232fe0bfdcd8bada4b9
                                • Opcode Fuzzy Hash: e30d4f02304a68532fd7bc0728cfb43edd62bca1a8493ac1e363ec347d739c13
                                • Instruction Fuzzy Hash: 09C08C2024514ACFD7343374D01CB2C3A9AAB50302F14089EB023000A98EB43400C71A
                                Function 02BC2600 Relevance: .0, Instructions: 8COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000003.00000002.3297899883.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2bc0000_zapytanie 2025.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 901014f1480f8d296acd67e20bb8c53b06b60f307b729293a5c9a267d77856f1
                                • Instruction ID: 003c395cb4ea3ff7aef76c4758e0ff7cf3f3437aa2504bf17678ed0a8d68e6f4
                                • Opcode Fuzzy Hash: 901014f1480f8d296acd67e20bb8c53b06b60f307b729293a5c9a267d77856f1
                                • Instruction Fuzzy Hash: 88C0923A260208CFC344EF99E588C12BBECFF58B003410099E5018B772DB21FC10EBA1