Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
HammerDB-4.11-Win-x64-Setup.exe

Overview

General Information

Sample name:HammerDB-4.11-Win-x64-Setup.exe
Analysis ID:1523633
MD5:0e108f1745add2b9c9e0be898a9f688f
SHA1:d2335b8eeb9bd62cc146552a6c9d4a4f8ce03605
SHA256:e6a3e905b9a96e542e12dd8868e6b3568a18a67c0448f68005b3e9adadde3c4b
Infos:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Found API chain indicative of debugger detection
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries information about the installed CPU (vendor, model number etc)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample file is different than original file name gathered from version info

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.logJump to behavior
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: certificate valid
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
Source: Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978443415.0000000010042000.00000002.00000001.01000000.00000005.sdmp
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006692F0 FindFirstFileW,FindClose,wcslen,GetFileAttributesA,FindFirstFileA,FindClose,GetFileAttributesA,0_2_006692F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00665390 GetLastError,GetLastError,GetLastError,strlen,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,0_2_00665390
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmpJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\Jump to behavior
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970952747.0000000003BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blogs.msdn.com/b/oldnewthing/archive/2004/01/30/65013.aspx
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970716861.0000000003A26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blogs.msdn.com/oldnewthing/archive/2003/08/21/54675.aspx
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970921782.0000000003BAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.bitrock.com/feedback.php
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.bitrock.com/feedback.phpller.Er
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.bitrock.com/feedback.phpsions
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971887861.0000000004689000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.mic
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970677052.00000000039E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://support.micr
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970677052.00000000039E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://support.microsoft.co
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973541631.000000000500A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tcl.sf.net
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timestamp.apple.com/ts01
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timestamp.apple.com/ts01StylenableTimes
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timestamp.apple.com/ts01r
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975437104.0000000005DB5000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738104902.0000000005DB1000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975359927.0000000005D2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tkcon.sourceforge.net/
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975319549.0000000005CEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitrock.com/api/1_0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973541631.000000000500A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.activestate.com/tcl/
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970769892.0000000003A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970992119.0000000003C37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/character-sets
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970952747.0000000003BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tdom.org
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005103E0 GetClipboardOwner,OpenClipboard,EmptyClipboard,CloseClipboard,0_2_005103E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_007A8204 SetClipboardData,0_2_007A8204
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004FD670 OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,SetClipboardData,0_2_004FD670
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004FDA40 GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,0_2_004FDA40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_007A8014 GetClipboardData,0_2_007A8014
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00504BD0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,0_2_00504BD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0059CDA0 MapVirtualKeyA,MapVirtualKeyA,MapVirtualKeyA,ToAscii,ToAscii,GetKeyState,GetKeyState,GetKeyState,ToAscii,VkKeyScanA,MapVirtualKeyA,ToAscii,0_2_0059CDA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00668140: GetLastError,memset,DeviceIoControl,CloseHandle,GetLastError,CloseHandle,0_2_00668140
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005402D00_2_005402D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006283B00_2_006283B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004E84700_2_004E8470
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006085B00_2_006085B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005306400_2_00530640
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006347D00_2_006347D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00508A300_2_00508A30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005DCAD00_2_005DCAD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005B8C000_2_005B8C00
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00670D610_2_00670D61
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00618DA00_2_00618DA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005ECEC00_2_005ECEC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005690900_2_00569090
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005999B00_2_005999B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00625B800_2_00625B80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00635EC00_2_00635EC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006766E00_2_006766E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0060AAD00_2_0060AAD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005DAC000_2_005DAC00
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004E30000_2_004E3000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005EB2700_2_005EB270
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0066B2000_2_0066B200
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005BB4200_2_005BB420
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005C35D00_2_005C35D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004EB7700_2_004EB770
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006337F00_2_006337F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005438100_2_00543810
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006679F00_2_006679F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E7A100_2_005E7A10
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005DFAC00_2_005DFAC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005EBA900_2_005EBA90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005F7C300_2_005F7C30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005D7D500_2_005D7D50
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00683D400_2_00683D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00613EC00_2_00613EC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006080400_2_00608040
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005700100_2_00570010
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0065C0000_2_0065C000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005DC0F00_2_005DC0F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004E41800_2_004E4180
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005FC1B00_2_005FC1B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005AC2600_2_005AC260
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006542900_2_00654290
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0059C3500_2_0059C350
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006843F50_2_006843F5
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005383A00_2_005383A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005B45400_2_005B4540
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E45300_2_005E4530
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006505D00_2_006505D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005107900_2_00510790
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006387A00_2_006387A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005A87800_2_005A8780
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005688D00_2_005688D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00544AF00_2_00544AF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00638AA00_2_00638AA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00684A900_2_00684A90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006E4A900_2_006E4A90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005CCB700_2_005CCB70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0066CB300_2_0066CB30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E4BF00_2_005E4BF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005A0C300_2_005A0C30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00594CD00_2_00594CD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00540D400_2_00540D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00560D400_2_00560D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00684E600_2_00684E60
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004F8E700_2_004F8E70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0053CEF00_2_0053CEF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00664ED00_2_00664ED0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00680ED00_2_00680ED0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00548EB00_2_00548EB0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00590EA00_2_00590EA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004FCFD00_2_004FCFD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00644FA00_2_00644FA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0062CF800_2_0062CF80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0055D0200_2_0055D020
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0066D0C00_2_0066D0C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005D51300_2_005D5130
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E91900_2_005E9190
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006E52F00_2_006E52F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0052D3000_2_0052D300
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005713200_2_00571320
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005FD3860_2_005FD386
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E54500_2_005E5450
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005294100_2_00529410
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005094300_2_00509430
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005654E00_2_005654E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005D95700_2_005D9570
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005B16500_2_005B1650
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006656300_2_00665630
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005AD6A00_2_005AD6A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005697500_2_00569750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E17500_2_005E1750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006197500_2_00619750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006117E00_2_006117E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006E57A00_2_006E57A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005FD8CE0_2_005FD8CE
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005AD8E00_2_005AD8E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006898B00_2_006898B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006419000_2_00641900
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00579AC00_2_00579AC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005FDAE00_2_005FDAE0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005B1A800_2_005B1A80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00535B600_2_00535B60
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005FDC930_2_005FDC93
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00541D700_2_00541D70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005D1F900_2_005D1F90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005160600_2_00516060
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0067A0300_2_0067A030
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005960000_2_00596000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0056E1700_2_0056E170
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006421300_2_00642130
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E61D00_2_005E61D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0062A1A00_2_0062A1A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0063A1900_2_0063A190
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0057A2200_2_0057A220
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005CE3100_2_005CE310
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005863300_2_00586330
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0064E3A00_2_0064E3A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005D63B00_2_005D63B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E64710_2_005E6471
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005DA5000_2_005DA500
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0067E5C00_2_0067E5C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0050A5E00_2_0050A5E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004FE5F00_2_004FE5F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004E26400_2_004E2640
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005E26C00_2_005E26C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005767500_2_00576750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004EE7D00_2_004EE7D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006868500_2_00686850
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0067E8C00_2_0067E8C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005D69000_2_005D6900
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005669C00_2_005669C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005729C00_2_005729C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 006E9610 appears 68 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 006411B0 appears 223 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 00632530 appears 176 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 00640D00 appears 42 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 006E96C8 appears 36 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 00644F60 appears 37 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 00644120 appears 51 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 006416E0 appears 46 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 006EF0F0 appears 40 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 0060C640 appears 44 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: String function: 004F5BE0 appears 48 times
Source: BRF6A1.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: BRF1F5.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: BRF662.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: BRF215.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: BRF43C.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: BRF137.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: BRF226.tmp.0.drStatic PE information: Number of sections : 11 > 10
Source: BRF6C2.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: BRF44D.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: Number of sections : 12 > 10
Source: BRF322.tmp.0.drStatic PE information: Number of sections : 11 > 10
Source: BRF651.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: BRF246.tmp.0.drStatic PE information: Number of sections : 16 > 10
Source: HammerDB-4.11-Win-x64-Setup.exeBinary or memory string: OriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesetup.exe8 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::maui::changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename 1 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C::maui::changeExecutableResources::windowsResourceOriginalFilename width 40 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;::maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974569168.0000000005726000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978482877.000000001005A000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenametwapi64.dllD vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6::maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977099693.0000000006A6F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename.doNotSerializeIfDefault vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 8windowsResourceOriginalFilename.doNotSerializeIfDefault vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename.text vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %windowsResourceOriginalFilename.text vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename.tip vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $windowsResourceOriginalFilename.tip vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename.type vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %windowsResourceOriginalFilename.type vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename.width vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &windowsResourceOriginalFilename.width vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename.defaultValue vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -windowsResourceOriginalFilename.defaultValue vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename.group vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &windowsResourceOriginalFilename.group vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974074634.0000000005364000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: urceOriginalFilename {setup.exe} vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::maui::L70wM::windowsSigningTimestampServerurceOriginalFilename {setup.exe} vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: classification engineClassification label: sus24.evad.winEXE@1/13@0/0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_005047C0 CreateBitmap,GetDC,CreateDIBSection,ReleaseDC,GetLastError,FormatMessageA,MessageBoxA,LocalFree,0_2_005047C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00598490 FindResourceA,LoadResource,LockResource,memcpy,0_2_00598490
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7cJump to behavior
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: HammerDB-4.11-Win-x64-Setup.exeString found in binary or memory: -start
Source: HammerDB-4.11-Win-x64-Setup.exeString found in binary or memory: -startline
Source: HammerDB-4.11-Win-x64-Setup.exeString found in binary or memory: full-stop
Source: HammerDB-4.11-Win-x64-Setup.exeString found in binary or memory: -startline must be less than or equal to -endline
Source: HammerDB-4.11-Win-x64-Setup.exeString found in binary or memory: -address
Source: HammerDB-4.11-Win-x64-Setup.exeString found in binary or memory: -startdoctypedeclcommand
Source: HammerDB-4.11-Win-x64-Setup.exeString found in binary or memory: -startcdatasectioncommand
Source: HammerDB-4.11-Win-x64-Setup.exeString found in binary or memory: -startnamespacedeclcommand
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile read: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeSection loaded: textshaping.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: certificate valid
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: HammerDB-4.11-Win-x64-Setup.exeStatic file information: File size 14564272 > 1048576
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x210400
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
Source: Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978443415.0000000010042000.00000002.00000001.01000000.00000005.sdmp
Source: BRF226.tmp.0.drStatic PE information: 0xA418A410 [Thu Mar 29 07:58:08 2057 UTC]
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00506E30 LoadCursorA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,LoadIconA,0_2_00506E30
Source: HammerDB-4.11-Win-x64-Setup.exeStatic PE information: section name: .xdata
Source: BRF662.tmp.0.drStatic PE information: section name: .xdata
Source: BRF662.tmp.0.drStatic PE information: section name: /4
Source: BRF662.tmp.0.drStatic PE information: section name: /19
Source: BRF662.tmp.0.drStatic PE information: section name: /31
Source: BRF662.tmp.0.drStatic PE information: section name: /45
Source: BRF662.tmp.0.drStatic PE information: section name: /57
Source: BRF6A1.tmp.0.drStatic PE information: section name: .xdata
Source: BRF6A1.tmp.0.drStatic PE information: section name: /4
Source: BRF6A1.tmp.0.drStatic PE information: section name: /19
Source: BRF6A1.tmp.0.drStatic PE information: section name: /31
Source: BRF6A1.tmp.0.drStatic PE information: section name: /45
Source: BRF6A1.tmp.0.drStatic PE information: section name: /57
Source: BRF6C2.tmp.0.drStatic PE information: section name: .xdata
Source: BRF6C2.tmp.0.drStatic PE information: section name: /4
Source: BRF6C2.tmp.0.drStatic PE information: section name: /19
Source: BRF6C2.tmp.0.drStatic PE information: section name: /31
Source: BRF6C2.tmp.0.drStatic PE information: section name: /45
Source: BRF6C2.tmp.0.drStatic PE information: section name: /57
Source: BRF137.tmp.0.drStatic PE information: section name: .xdata
Source: BRF137.tmp.0.drStatic PE information: section name: /4
Source: BRF137.tmp.0.drStatic PE information: section name: /19
Source: BRF137.tmp.0.drStatic PE information: section name: /31
Source: BRF137.tmp.0.drStatic PE information: section name: /45
Source: BRF137.tmp.0.drStatic PE information: section name: /57
Source: BRF1F5.tmp.0.drStatic PE information: section name: .xdata
Source: BRF1F5.tmp.0.drStatic PE information: section name: /4
Source: BRF1F5.tmp.0.drStatic PE information: section name: /19
Source: BRF1F5.tmp.0.drStatic PE information: section name: /31
Source: BRF1F5.tmp.0.drStatic PE information: section name: /45
Source: BRF1F5.tmp.0.drStatic PE information: section name: /57
Source: BRF215.tmp.0.drStatic PE information: section name: .xdata
Source: BRF215.tmp.0.drStatic PE information: section name: /4
Source: BRF215.tmp.0.drStatic PE information: section name: /19
Source: BRF215.tmp.0.drStatic PE information: section name: /31
Source: BRF215.tmp.0.drStatic PE information: section name: /45
Source: BRF215.tmp.0.drStatic PE information: section name: /57
Source: BRF226.tmp.0.drStatic PE information: section name: .xdata
Source: BRF246.tmp.0.drStatic PE information: section name: .xdata
Source: BRF246.tmp.0.drStatic PE information: section name: /4
Source: BRF246.tmp.0.drStatic PE information: section name: /19
Source: BRF246.tmp.0.drStatic PE information: section name: /31
Source: BRF246.tmp.0.drStatic PE information: section name: /45
Source: BRF246.tmp.0.drStatic PE information: section name: /57
Source: BRF322.tmp.0.drStatic PE information: section name: .xdata
Source: BRF43C.tmp.0.drStatic PE information: section name: .xdata
Source: BRF43C.tmp.0.drStatic PE information: section name: /4
Source: BRF43C.tmp.0.drStatic PE information: section name: /19
Source: BRF43C.tmp.0.drStatic PE information: section name: /31
Source: BRF43C.tmp.0.drStatic PE information: section name: /45
Source: BRF43C.tmp.0.drStatic PE information: section name: /57
Source: BRF44D.tmp.0.drStatic PE information: section name: .xdata
Source: BRF44D.tmp.0.drStatic PE information: section name: /4
Source: BRF44D.tmp.0.drStatic PE information: section name: /19
Source: BRF44D.tmp.0.drStatic PE information: section name: /31
Source: BRF44D.tmp.0.drStatic PE information: section name: /45
Source: BRF44D.tmp.0.drStatic PE information: section name: /57
Source: BRF651.tmp.0.drStatic PE information: section name: .xdata
Source: BRF651.tmp.0.drStatic PE information: section name: /4
Source: BRF651.tmp.0.drStatic PE information: section name: /19
Source: BRF651.tmp.0.drStatic PE information: section name: /31
Source: BRF651.tmp.0.drStatic PE information: section name: /45
Source: BRF651.tmp.0.drStatic PE information: section name: /57
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006688D0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,strchr,FreeLibrary,FreeLibrary,GetPrivateProfileStringA,GetWindowsDirectoryW,GetWindowsDirectoryA,lstrlenW,0_2_006688D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.logJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00506900 IsIconic,IsZoomed,AdjustWindowRectEx,SendMessageA,SendMessageA,SendMessageA,GetSystemMetrics,MoveWindow,GetClientRect,MoveWindow,GetWindowRect,DrawMenuBar,MoveWindow,0_2_00506900
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00660B70 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_00660B70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmpJump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006692F0 FindFirstFileW,FindClose,wcslen,GetFileAttributesA,FindFirstFileA,FindClose,GetFileAttributesA,0_2_006692F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00665390 GetLastError,GetLastError,GetLastError,strlen,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,0_2_00665390
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00660AB0 GetSystemInfo,VirtualQuery,0_2_00660AB0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmpJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeFile opened: C:\Users\user\Jump to behavior
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a de Fonte Aberta de VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder\
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Loodud VMware InstallBuilderi avatud l
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Erstellt mit einer Testversion des VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a Open Source do VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Oprettet med en evalueringsversion af VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e Aberta de VMware InstallBuilder para
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973625096.000000000504C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lappend Btvxo /Library/Java/JavaVirtualMachines/*/Home/bin/java /Library/Java/JavaVirtualMachines/*/*/Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wersji demonstracyjnej programu VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ]Luotu VMware InstallBuilderin kokeiluversiollanstallBuilderin kokeiluversiolla
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Creat cu o licenta Open Source a VMware InstallBuilder pentru %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ? ponownie teraz? VMware InstallBuilder dla %1$s si
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: icon programa VMware InstallBuilderCompleted=Asennus onnistui
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilderX
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: set uLHWW com.vmware.installbuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: av VMware Ins
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rderingsversion av VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: el VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: digo abierto de VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Gemaakt met een evaluatieversie van VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977514080.0000000006D73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /VMware InstallBuilder Multiplatform Enterprise
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Creato con una versione di valutazione di VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: n de VMware InstallBuildere opciones disponibles
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilderackageNametrycription</
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975410805.0000000005D6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if {[string match *BITROCKOEM* [$licenseInfo cget -organization]] || [string match *VMWAREOEM* [$licenseInfo cget -organization]]} {
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: om VMware InstallBuilder-ap
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <string>VMware InstallBuilder, Copyright %s-%s VMware, Inc.</string>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: testovacou verziou programu VMware InstallBuilderz
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ico VMware InstallBuilderja
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rama VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: i obert el VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wCreated with an evaluation version of VMware InstallBuilderr.ParameterFileNotValid=The specified path\n%1$s\nis not afile
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _Tervetuloa tuotteen %1$s ohjattuun asennukseen.ohjattuun asennukseen.erto de VMware InstallBilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: de VMware InstallBuilder%d / %d
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ler.EvaluationVersion.Text=VMware InstallBuilder'in deneme
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977966800.00000000070D2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder'in deneme s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: urce do VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Luotu VMware InstallBuilderin %1$s-version avoimen l
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ncia de codi obert del VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Creato con una licenza Open Source di VMware InstallBuilder per %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: u VMware InstallBuilder pre %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: valuation de VMware InstallBuilderInstaller.DownloadComponents.ProgressMeter=T
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: gCrewyd gyda fersiwn gwerthuso VMware InstallBuilder`cQ
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tu VMware InstallBuilder priek
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Installerler.EvaluationVersion.Text=VMware InstallBuilder'in deneme t
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: urce license de VMware InstallBuilde pour %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: urce license de VMware InstallBuilder pour
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /Library/Java/JavaVirtualMachines/*/*/Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971805242.0000000004647000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: value1VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rograma VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977052179.0000000006A35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sOnly available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: licencji Open Source programu VMware InstallBuilder dla %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: on VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976069677.00000000061D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cget -organization]] || [string match *VMWAREOEM* [$li
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: on VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tip {Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: o do programa VMware InstallBuilderParameterFileDoesNotExist=Nid yw ffil \n%1$s\nyn bod
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Kreirano Open Source licencom programa VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ation de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971805242.0000000004647000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: o do programa VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972155954.00000000047DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Ins
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: o do programaVMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: urim i hapur i VMware InstallBuilder p
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: About VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: oLoodud kasutades VMware InstallBuilderi prooviversiooni`
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975031683.0000000005A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder Installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: icon programa VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pod licenciou Open Source programu VMware InstallBuilder pre %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rderingsversion av VMware InstallBuilder des abschlie
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: proc Kt_LQ {EOTnn mxtLu DlVtN jXCBl {runAsAdmin 0} {brGJd 0} {osxPlatforms {osx-intel osx-x86_64 osx-ppc osx-10.2}} {uLHWW com.vmware.installbuilder.installer} {cYjJt 1} {version 3.0}} {
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBui
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\%2$sntuk %1$sVMware InstallBuilder unuk %1$s ?
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Oprettet med en Open Source-licens for VMware InstallBuilder%1$sr.Error.DirectoryToUnpack=Nelze nal
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e Aberta de VMware InstallBuilder para%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uLHWW com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nga %1su VMware InstallBuilder pre %1$sue
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rograma VMware InstallBuilder za %1$suencia de
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976757813.000000000677E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e.zi VMware InstallBuilder pro %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971696782.0000000004605000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "VMware InstallBuilder HTTP Client
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Creato con una versione di valutazione di VMware InstallBuilderproxy.username=Nome utente:
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Luotu VMware InstallBuilderin kokeiluversiolla
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: n VMware InstallBuilder-in A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: verzi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Oprettet med en Open Source-licens for VMware InstallBuilder%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: testovacou verziou programu VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: om VMware InstallBuilder-a
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: in VMware InstallBuilder programmasyny
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avec une licence Open Source license de VMware InstallBuilder pour %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *VMWAREOEM*
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976069677.00000000061D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::environment::jOL_v cget -organization]] || [string match *VMWAREOEM* [$li
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Crewyd gyda fersiwn gwerthuso VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Creat cu o versiune de evaluare VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a VMware InstallBuilder pentru %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sGemaakt met een evaluatieversie van VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Kreirano sa evaluacionom verzijom VMware InstallBuilder-a
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: yIzdelano z odprtokodno licenco VMware InstallBuilder za %1$snloadComponents.Details=%1$s KB / %2$s KB prenesen. %3$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Dibuat dengan versi evaluasi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: urce license de VMware InstallBuilder pour%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eno v Open Source verzi VMware InstallBuilder pro %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975031683.0000000005A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder Installer`
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: valuation de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976728842.000000000673B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lt a VMware InstallBuilder Open Source licenc
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eDibuat dengan versi evaluasi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976128203.0000000006217000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::util::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ion av VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$s %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: des VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nga Burim i hapur i VMware InstallBuilder p
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976757813.000000000677E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: erto de VMware InstallB
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wOprettet med en evalueringsversion af VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder tresnak %1$s-(e)rako kode irekiko lizentziarekin irekitzen da
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Izveidots ar VMware InstallBuilder izm
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: de VMware InstallBuilderintreg sistemul pot fi create numai de catre un administrtornten die u niet wilt verwijderen. Klik op Volgende als u klaar bent om door te gaan.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ation de VMware InstallBuilders
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder tresnaren ebaluazio-bertsioarekin sortu da
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972155954.00000000047DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UFout bij wijzigen groep van %1$s naar %2$sigen groep van %1$s naar %2$s VMware InsallBuilder voor %1$ssize
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: n de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Kreiran sa Open Source licencom od VMware InstallBuilder-a za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: av VMware InsallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder %1$s.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: verzi VMware InstallBuildern ble ikke modifisertere
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970566184.00000000038E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <product>VMware InstallBuilder Multiplatform Enterprise</product>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uIzveidots ar VMware InstallBuilder izm
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::maui::Dpj2f::Z71sd /Library/Java/JavaVirtualMachines/*/*/Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sKreirano sa evaluacionom verzijom VMware InstallBuilder-an=Biranje sajta na kome se nalazi datoteka
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971696782.0000000004605000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder HTTP Client
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uVMware InstallBuilder synag go
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rama VMware InstallBuilderation.reatingLi
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Izdelano z odprtokodno licenco VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder un
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Kreirano Open Source licencom programa VMware InstallBuilder za %1$staessa asennuksen poistoa edelt
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: digo abierto de VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2968944004.0000000000E47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977514080.0000000006D73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder Multiplatform Enterprise
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kCreat cu o versiune de evaluare VMware InstallBuilder@T
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: urce license de VMware InstallBuilde
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977052179.0000000006A35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wersji demonstracyjnej programu VMware InstallBuilderr.DownloadComponents.Details=Pobrano: %1$s KB / %2$s KB. %3$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976310211.00000000063A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: llicens av VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lt a VMware InstallBuilder pr
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Created with an evaluation version of VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976728842.000000000673B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: qErstellt mit einer Testversion des VMware InstallBuilder an
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c osx-10.2}uLHWW com.vmware.installbuilder.installercYjJt 1version 3.0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eno v Open Source verzi VMware InstallBuilder pro %1$sn.Unzipping=Extrakce kompromovan
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Dibuat dengan lisensi Sumber Terbuka VMware InstallBuilder untuk %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Erstellt mit einer Open Source Lizenz von VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a Open Source do VMware InstallBuilder para %1$syn angehrheidiol: %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wCreated with an evaluation version of VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: in VMware InstallBuilder'in A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976128203.0000000006217000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maui::util::Hgstt . {About VMware InstallBuilder} {}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737844318.0000000003DFD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: defaultValue {VMware InstallBuilder}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <string>VMware InstallBuilder</string>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Loodud kasutades VMware InstallBuilderi prooviversiooni
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder-in s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: About VMware InstallBuilderf
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder synag go
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

barindex
Found API chain indicative of debugger detection
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_0-123311
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00506E30 LoadCursorA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,LoadIconA,0_2_00506E30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00668D20 GetFileAttributesW,GetFileSecurityW,GetLastError,GetLastError,GetSecurityDescriptorOwner,GetSidIdentifierAuthority,memcmp,HeapFree,GetProcessHeap,HeapAlloc,GetFileSecurityW,GetLastError,HeapFree,CloseHandle,GetLastError,GetLastError,ImpersonateSelf,GetCurrentThread,RevertToSelf,HeapFree,CloseHandle,0_2_00668D20
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_004E11B0 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,_initterm,GetStartupInfoA,0_2_004E11B0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dde execute progman progman [format {[ShowGroup("%s",6)]} $tCByq]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::UCmrK::Bidth]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972666707.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738685573.0000000004BA7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,,,,,"%s")]} $Dwy2A $LBLLO $name $n1aXo]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972598089.0000000004B06000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: te PROGMAN PROGMAN
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972666707.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738685573.0000000004BA7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,"%s",,,,"%s")]} $Dwy2A $LBLLO $name $WfzhF $n1aXo]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974473083.00000000056A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dde execute PROGMAN PROGMAN
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dde execute PROGMAN PROGMAN [format {[CreateGroup("%s")]} $tCByq]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: catch {dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $tCByq]}
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00661150 cpuid 0_2_00661150
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,GetClipboardData,GlobalLock,GlobalLock,GetLocaleInfoA,GlobalUnlock,GetClipboardData,CloseClipboard,GetClipboardData,GlobalLock,GlobalUnlock,0_2_004FD6D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductIdJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeQueries volume information: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeQueries volume information: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation BiasJump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006709D0 GetSystemTimeAsFileTime,GetSystemTimeAsFileTime,QueryPerformanceCounter,QueryPerformanceCounter,QueryPerformanceFrequency,SetEvent,LeaveCriticalSection,WaitForSingleObjectEx,EnterCriticalSection,WaitForSingleObjectEx,QueryPerformanceCounter,GetSystemTimeAsFileTime,EnterCriticalSection,LeaveCriticalSection,0_2_006709D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_006712C0 getenv,strlen,strlen,GetTimeZoneInformation,0_2_006712C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_0066A450 GetVersionExA,GetSystemInfo,wsprintfA,0_2_0066A450
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exeCode function: 0_2_00505390 GetRunningObjectTable,CreateBindCtx,CreateFileMoniker,CreateFileMoniker,CreateFileMoniker,FormatMessageA,strrchr,strlen,LocalFree,wsprintfA,0_2_00505390

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
DLL Side-Loading		1
Process Injection		1
Virtualization/Sandbox Evasion		1
Input Capture		12
System Time Discovery		Remote Services1
Input Capture		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Native API		Boot or Logon Initialization Scripts1
DLL Side-Loading		1
Process Injection		LSASS Memory111
Security Software Discovery		Remote Desktop Protocol1
Archive Collected Data		Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager1
Virtualization/Sandbox Evasion		SMB/Windows Admin Shares3
Clipboard Data		SteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS2
Process Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Timestomp		LSA Secrets1
Application Window Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain Credentials2
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync54
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
HammerDB-4.11-Win-x64-Setup.exe0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://tcl.sf.netHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973541631.000000000500A000.00000004.00000020.00020000.00000000.sdmpfalse
    		unknown
    http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmpfalse
      		unknown
      http://www.iana.org/assignments/character-setsHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970992119.0000000003C37000.00000004.00000020.00020000.00000000.sdmpfalse
        		unknown
        http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970921782.0000000003BAB000.00000004.00000020.00020000.00000000.sdmpfalse
          		unknown
          http://download.bitrock.com/feedback.phpller.ErHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpfalse
            		unknown
            http://update.bitrock.com/api/1_0HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975319549.0000000005CEA000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              http://support.micrHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970677052.00000000039E4000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                http://www.tdom.orgHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970952747.0000000003BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  http://blogs.msdn.com/b/oldnewthing/archive/2004/01/30/65013.aspxHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970952747.0000000003BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    http://download.bitrock.com/feedback.phpsionsHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      http://www.google.comHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970769892.0000000003A68000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        http://tkcon.sourceforge.net/HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975437104.0000000005DB5000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738104902.0000000005DB1000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975359927.0000000005D2C000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://www.activestate.com/tcl/HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973541631.000000000500A000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            http://msdn.micHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971887861.0000000004689000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              http://support.microsoft.coHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970677052.00000000039E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                http://blogs.msdn.com/oldnewthing/archive/2003/08/21/54675.aspxHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970716861.0000000003A26000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://download.bitrock.com/feedback.phpHammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown

                                    World Map of Contacted IPs

                                    No contacted IP infos

                                    General Information

                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1523633
                                    Start date and time:2024-10-01 21:41:30 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 7m 8s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:6
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:HammerDB-4.11-Win-x64-Setup.exe
                                    Detection:SUS
                                    Classification:sus24.evad.winEXE@1/13@0/0
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:
                                    • Successful, ratio: 95%
                                    • Number of executed functions: 158
                                    • Number of non-executed functions: 62
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe

                                    Warnings

                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • VT rate limit hit for: HammerDB-4.11-Win-x64-Setup.exe

                                    Simulations

                                    Behavior and APIs

                                    No simulations

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASNs

                                    No context

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmpPathWaveBenchVueDMM-2023-1-Setup-Basic.exeGet hashmaliciousUnknownBrowse
                                      C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmpPathWaveBenchVueDMM-2023-1-Setup-Basic.exeGet hashmaliciousUnknownBrowse

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):66133
                                        Entropy (8bit):5.043652481327373
                                        Encrypted:false
                                        SSDEEP:768:lkWATiD/k+zHsU3xYOsT2Sx6Q3VRqZcV8Uh5w2cA/3sELcFLlNKPieqkAszRB:iXTG/DzHj3xuWcVzh5OELcPNKVqkjzRB
                                        MD5:D2E59EE980C15085BBE292082ABEC7E6
                                        SHA1:30154E439177235E768C6FC9C7E6D83E9320A80B
                                        SHA-256:EB10D4D4B459F4BBAF611538ED8098C7FAD5A839495085F3363B3BF1050C4958
                                        SHA-512:6F61F337EE24A8FAB29AFCBCD2A5E674C5745CF5CAABA99E58FC9D762FAE3620864262D23118728ED6D124AB51FEEAA7D9057042B6A42BC9E49FEDA18005A7CA
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....^5_....2.....& .....B.....................b.............................P......]6....@... .........................................g................................................................... ...(.......................H............................text... A.......B.................. .P`.data...P....`.......H..............@.p..rdata.......p.......L..............@.`@.pdata...............Z..............@.0@.xdata...............^..............@.0@.bss..................................p..edata..g............b..............@.0@.idata...............d..............@.0..CRT....X............p..............@.@..tls....h............r..............@.`..reloc...............t..............@.0B/4......P............v..............@.PB/19..................x..............@..B/31.......... ......................@..B/45..........0......................@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):365056
                                        Entropy (8bit):6.18264633495016
                                        Encrypted:false
                                        SSDEEP:6144:VaGsA5DNPvUvxrBSTj80COxO7PnDrK9RmvHCV7/Zv1fuvIl2:9sA5DlvUvNBSTjwOn9Avi71WvIE
                                        MD5:C3C4F3FE90E3B3B02BEA0E8DA3447ED2
                                        SHA1:7AC0F54119D2273A2CD261F1FE6C5667E9C486DF
                                        SHA-256:3524EC77985E390ACF9D07D81B1B44305165D711BBCA770F7458EA0A78751F82
                                        SHA-512:0E24C9394C635A3F1671A297F97B613E6936CD8F862A214125D3456324A18668AE138D5C4FDE036F55E2B13B158E4CEBC53F78153862A008B1AE747EAB228A60
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Joe Sandbox View:
                                        • Filename: PathWaveBenchVueDMM-2023-1-Setup-Basic.exe, Detection: malicious, Browse
                                        Reputation:moderate, very likely benign file
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&pq.b...b...b.....b.`.....d.S...b.........r._.....e.c.....c.c.....g.c...Richb...........................PE..d...)U.N.........." ................@...............................................................................................py......./..........H............................5............................................... ..h............................text............................... ..`.rdata..;e... ...f..................@..@.data................l..............@....pdata...............p..............@..@.rsrc...H...........................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):60462
                                        Entropy (8bit):5.101194912004142
                                        Encrypted:false
                                        SSDEEP:768:kpR8lUiZHswDCxdJvuD0WZVVVR8RiTg8U2GO6WtxHDVBNqxsC4:uilUiihx3vVWGgTgT2GVWtC+D
                                        MD5:F62DD6CE51E19349EC1D1F2E88C4EF4D
                                        SHA1:60BD29538B4FECAF527BA8B7D92B7F32D2E72DDB
                                        SHA-256:BE88244DA9FAAA6636A9D2F4C4249C08066A0B48359690B9B27A2B9ED47E093D
                                        SHA-512:BA68A59427EC252B895E1C3D6879E0C7A010893D23B5A8687CE86D738FAAEC1367F73ABBCF63FB8CE8B95D32AFA3049CD59F22F0BC5A2FF2A3B123A54FE02012
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Joe Sandbox View:
                                        • Filename: PathWaveBenchVueDMM-2023-1-Setup-Basic.exe, Detection: malicious, Browse
                                        Reputation:moderate, very likely benign file
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....Q\....O.....& .....@...,................hf.............................P.......p........ ........................................./.......................................x........................... ...(.......................p............................text....?.......@.................. .P`.data........P.......F..............@.p..rdata.......`.......H..............@.p@.pdata...............Z..............@.0@.xdata...............^..............@.0@.bss....0.............................p..edata../............b..............@.0@.idata...............d..............@.0..CRT....X............l..............@.@..tls....h............n..............@.`..reloc..x............p..............@.0B/4......P............r..............@.PB/19..................t..............@..B/31.......... ......................@..B/45..........0......................@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):140032
                                        Entropy (8bit):5.77272263373677
                                        Encrypted:false
                                        SSDEEP:1536:lTfvna7AJNO4Yv3JsNpmTYjUmd3zH+jr7TC2omuU4zVz4A9jqOq2iFd:pff0Pl/+SYjUCSTUCj5d
                                        MD5:119E67E0B0ADD3F09AABBDE47A599E17
                                        SHA1:991C049D2466C5242F67E664159CB025F49E5C70
                                        SHA-256:439416FCEBCF073600AF44A2FB83428896DC8F69120EE4A76EE490A6428D6C94
                                        SHA-512:88D85765867555F8BF22DB707AE49042DB1A1BB1ED8A093AFE4D10446B25E6400A2811F88BC5AF9EDB16B2B4F0366B09177CB9116C89E6950CB96B9FB2D93572
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...._5_..........& .........r.................q.............................0......,......... ..............................................................`..P........................................... ...(.......................x............................text...@........................... .P`.data........ ......................@.p..rdata...(...0...*...$..............@.p@.pdata..P....`.......N..............@.0@.xdata.......p.......Z..............@.0@.bss..................................p..edata...............h..............@.0@.idata...............x..............@.0..CRT....X...........................@.@..tls....h...........................@.`..reloc..............................@.0B/4......P...........................@.PB/19.................................@..B/31.................................@..B/45.................................@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                        Category:dropped
                                        Size (bytes):525312
                                        Entropy (8bit):6.326337067953554
                                        Encrypted:false
                                        SSDEEP:12288:KGpJsVzp2blUFt1Rk8S9Hd22NMJ4sqZXU+1M0bp+D8CVpfxcz:KGpJsVtgUFtjk82jNMJ4pk+1Mdmz
                                        MD5:5FBC6BD806A8A6C460FACEEEA73BD7F7
                                        SHA1:4D1586A9631A72C3E1D75FB3C385DBD278804665
                                        SHA-256:8033D1B3AF84D47D275E022608DA35BAAC16CF40D9607CA026A47B6CD65E6A97
                                        SHA-512:4C51F9F331AC15206942E13504334B4C3549888519388607C44B617A68A9095114B0E6127E82B84170445DF06260CC62308BC197B90CFB95AF18D7CB6D413195
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:moderate, very likely benign file
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....$....... .............g.....................................q........ ......................................@..=....P..4...............\...............,........................... p..(....................R..X............................text....#.......$.................. .P`.data....A...@...B...(..............@.p..rdata...8.......:...j..............@.p@.pdata..\........ ..................@.0@.xdata..`!......."..................@.0@.bss......... ........................p..edata..=....@......................@.0@.idata..4....P......................@.0..CRT....X....`......................@.@..tls....h....p......................@.`..reloc..,...........................@.0B........................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):241448
                                        Entropy (8bit):5.119290538404736
                                        Encrypted:false
                                        SSDEEP:1536:fvHdOlJYzc4WrA5jDuSILZnyjGi98RkYD1a9okwGN0DCcFAyG6MifymQxz+ZIKx3:ATc5WrA5jiAjXKR3HdCcqyG6e/NC5
                                        MD5:51C675FC1EF0A62322052D3E86567C06
                                        SHA1:E295D0B668105D81F9180EF1056D0528E4B2116A
                                        SHA-256:AAA3D7E589E9BE1911EEE5974AFA68C64AF1BBD5E039FF6A82A15C2B54C0F9F0
                                        SHA-512:A352E82DB5C930C73165A48337AE51ACDA7EBD393B8B0B57D03D2E1B5057C41C26B1F321759B7BC521166890853ECDAD7B37531212243AD86E181E2252A3B78D
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...~.Q\..........& ....."....................Xl.............................................. .........................................]....................................0..h........................... ..(.......................`............................text.... .......".................. .P`.data...P....@.......(..............@.P..rdata...m...P...n...*..............@.P@.pdata..............................@.0@.xdata..............................@.0@.bss..................................p..edata..]...........................@.0@.idata..............................@.0..CRT....X...........................@.@..tls....h.... ......................@.`..reloc..h....0......................@.0B/4......P....@......................@.PB/19..........P......................@..B/31..........`......................@..B/45..........p......................@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                        Category:dropped
                                        Size (bytes):19456
                                        Entropy (8bit):4.855136950572863
                                        Encrypted:false
                                        SSDEEP:384:szVLiyxZuZ1R0PCtHIsyhxCTPBX0O1Ok:ELiyx60Y2XC5L1
                                        MD5:A56543B9CD3AA403311B49189D25851E
                                        SHA1:BD2609D35D4A967FE23EF4092B1DAA6F74A858AD
                                        SHA-256:034756F772399552CD33605A189EE0E45D7947860E0D83EC12AA6DA1A5A42054
                                        SHA-512:2237F493D70799675AE0E395F551B6CD46FF4789E46E2453C48FEDE07B7623B4B8111904D6FA139C204EEA4405B5FD5812B0A91F27374219B721339149C25EDF
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Q..]...........".....&...".................l.............................................. ..............................................................`..p...............d........................... ...(.......................H............................text....$.......&.................. .P`.data........@.......*..............@.`..rdata..0....P.......,..............@.p@.pdata..p....`.......4..............@.0@.xdata.......p.......8..............@.0@.bss..................................p..edata...............<..............@.0@.idata...............>..............@.0..CRT....X............F..............@.@..tls....h............H..............@.`..reloc..d............J..............@.0B........................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):98608
                                        Entropy (8bit):5.526395383526755
                                        Encrypted:false
                                        SSDEEP:1536:EbWmOP8RKRZ6j2oGbgY2pUA6hHkVWWdXW:rf8XyoxpUA+HYdXW
                                        MD5:9B299884420745D80C70BBA6B8A7F05A
                                        SHA1:195423185A7776E072A65FBABAE868C15F7B2F56
                                        SHA-256:9426E96A97F41645FAB524385A852687792F99B505554B6B9809ED99451B2399
                                        SHA-512:ED839DC1B6EF53F3663B6055FB2869A522600B2AF8D8A800958DDB531154F4E9A3F1733F32DFF5511A22FE01525191C8683519CBDCEDEC138B1BCF3425F2155B
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....Q\....0.....& .........P.................f............................................. .............................................. ..................x............P.............................. @..(....................!..x............................text............................... .P`.data...............................@.p..rdata.. ...........................@.P@.pdata..x...........................@.0@.xdata..............................@.0@.bss..................................p..edata..............................@.0@.idata....... ......................@.0..CRT....X....0......................@.@..tls....h....@......................@.`..reloc.......P......................@.0B/4......P....`......................@.PB/19..........p......................@..B/31.................................@..B/45.................................@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):118385
                                        Entropy (8bit):5.701653264797255
                                        Encrypted:false
                                        SSDEEP:1536:KwyYhA2qNG2B5zvQv8sW5vX/D9KPmT/Kujkp8A1M08EFmliT53lM+HW:xhAtNZQvZW5z9KPWLO1M06Ilm+HW
                                        MD5:54431791B0B31CCD0112486F542858A1
                                        SHA1:E628F2DC29D039D474F97FE67E562BD8798C6BA6
                                        SHA-256:B382C74F532AB766C272ED11B107A3EF7C015CCA2E716243379058C084981332
                                        SHA-512:FAB7561A312AFDC92DCF70FE8A80356914153BDB9FF46D64B8F4E8D872A5A619A72A9AE5A8AF656F371A59672737FE5990D33990154AD3B5D006A68CBEFD01F3
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...k_5_.N..d.....& .........B.................g....................................&......... ......................................`..s....p..8............0.............................................. ...(....................q...............................text............................... .P`.data...............................@.p..rdata..............................@.P@.pdata.......0......................@.0@.xdata.......@......................@.0@.bss....0....P........................p..edata..s....`.......(..............@.0@.idata..8....p.......*..............@.0..CRT....X............2..............@.@..tls....h............4..............@.`..reloc...............6..............@.0B/4......P............8..............@.PB/19..................:..............@..B/31..................H..............@..B/45..................J..............@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):55263
                                        Entropy (8bit):4.928828205790685
                                        Encrypted:false
                                        SSDEEP:384:xhOpS6jed4vPU9NEDP4dCHjZ/zETnBfMVVVVRyjnoTDpghYgKOzcEJ3gAE7iF794:CoeKEDfFwxMVVVVRAno3pqBQ0WhUsFj
                                        MD5:2C8F6A964CA7761122F7DA22042462F4
                                        SHA1:290E48BF0F83B3F3832F69BB1EA0637ED4D8CCCA
                                        SHA-256:9D6F2629AA5978DD6B87FE9BCE77A5CF0135B8DA2980A050579EB4E23A92F8FA
                                        SHA-512:88C49DBC5A5CCE28FC61689B953E091DC5114196A9CE5977DE1BC1EA916333D73A13D06ABB56B7AFD88F6C4F80953A2B9B720CD79E773A1246D44B37EAE4CBF8
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....Q\.v..G.....& .....4...&.................c.............................@................ .........................................l.......h............p..................t........................... ...(.......................`............................text....3.......4.................. .P`.data........P.......:..............@.p..rdata..@....`.......<..............@.P@.pdata.......p.......H..............@.0@.xdata...............L..............@.0@.bss..................................p..edata..l............P..............@.0@.idata..h............R..............@.0..CRT....X............Z..............@.@..tls....h............\..............@.`..reloc..t............^..............@.0B/4......P............`..............@.PB/19..................b..............@..B/31..................p..............@..B/45.......... .......r..............@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):54306
                                        Entropy (8bit):4.798541373874198
                                        Encrypted:false
                                        SSDEEP:768:MpACip1KKANXCDxRVVVVVVVRYEU8DrctRre1L0V69Uxs9J:EAp1K9NCeErzn9U+3
                                        MD5:4640FD47F64BB72CB34DBAFEE65DBDDE
                                        SHA1:508C8713E06BA55588D41918C5A99308CB4B37A0
                                        SHA-256:F02C4352EA80E1B476EB4754455AE684EFB4289D95EDF925E38BD3789F6EAD49
                                        SHA-512:DE2D05EA66AB37B7120CDE8F4AEB79C6365430BD94F56B07019451E1329F8F3A2674AF9ED6677B8ADE59FA2185C6A48EAEAD47091EDC8284E686260C69544A4C
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....Q\.p..].....& .....,...(.................c.............................@................ .........................................c.......,............`.............................................. ...(.......................P............................text...0*.......,.................. .P`.data...`....@.......2..............@.P..rdata.......P.......4..............@.p@.pdata.......`.......B..............@.0@.xdata..t....p.......F..............@.0@.bss..................................p..edata..c............J..............@.0@.idata..,............L..............@.0..CRT....X............T..............@.@..tls....h............V..............@.`..reloc...............X..............@.0B/4......P............Z..............@.PB/19..................\..............@..B/31..................j..............@..B/45.......... .......l..............@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):223794
                                        Entropy (8bit):5.987297584654645
                                        Encrypted:false
                                        SSDEEP:3072:5eaM4AU0AdddNM3zisTtE+sxD0dk+COo3kYzCYExXxt70W:oUAdAdddN8iI/Tes70W
                                        MD5:7190ECF05EC3B297D6DED3E204399E95
                                        SHA1:5C085CBBBCC8686266ACFB318E75A38794625E88
                                        SHA-256:49E2C502923DE5F89958DE86F1CC6F91E7DDAFE46D0F81BFB51A669627650E6E
                                        SHA-512:4E12ADCAAEBDC08E06270437DD4EBF33C4AECD5B6CCE7245BF12B0303C809465D75D5B319FB262A807CF9A5CB99D808E466FC30B19D88DDCF2B3F0B9C9F74881
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...z.Q\..........& ...........................j....................................Z......... .........................................g....................................0.............................. ..(....................................................text...P........................... .P`.data........ ......................@.P..rdata...P...0...R..................@.p@.pdata...............\..............@.0@.xdata...............p..............@.0@.bss..................................p..edata..g...........................@.0@.idata..............................@.0..CRT....X...........................@.@..tls....h.... ......................@.`..reloc.......0......................@.0B/4......P....@......................@.PB/19..........P......................@..B/31..........`......................@..B/45..........p......................@..B/57.....

                                        C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):128664
                                        Entropy (8bit):5.914596539398763
                                        Encrypted:false
                                        SSDEEP:1536:ty8u7zqKTn4gE1F9G2i6XNgpYou6KrtnToIf4IOCIOq/gn82ubDhbQA+1:Nu7uHg529N4KrlTBf+gq/gzuBcA+1
                                        MD5:053A60F34C75CA0A4A821B46EAE86D31
                                        SHA1:EBCF9F84A393969655969C248C2D572D7A05541C
                                        SHA-256:683F19A461948F4CCA2FBECE26949B34D6347DFF279EFECE983B9F64A868422C
                                        SHA-512:346C989EF320079B5978678264059AD9E545081DDED233D10DCA73A72906FA01DF30A3C96F6D319EFCEA64C198EF409748E511DAB8A4D43E1FA7AF50ED3F0256
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...o.Q\.p........& .........z.................f.............................0................ .........................................i.......|............`.............................................. ...(...................................................text............................... .P`.data...............................@.`..rdata..0W.......X..................@.p@.pdata.......`.......:..............@.0@.xdata.......p.......B..............@.0@.bss..................................p..edata..i............J..............@.0@.idata..|............L..............@.0..CRT....X............T..............@.@..tls....h............V..............@.`..reloc...............X..............@.0B/4......P............Z..............@.PB/19..................\..............@..B/31..................j..............@..B/45..................l..............@..B/57.....

                                        Static File Info

                                        General

                                        File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                        Entropy (8bit):7.822532343129769
                                        TrID:
                                        • Win64 Executable (generic) (12005/4) 74.95%
                                        • Generic Win/DOS Executable (2004/3) 12.51%
                                        • DOS Executable Generic (2002/1) 12.50%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                        File name:HammerDB-4.11-Win-x64-Setup.exe
                                        File size:14'564'272 bytes
                                        MD5:0e108f1745add2b9c9e0be898a9f688f
                                        SHA1:d2335b8eeb9bd62cc146552a6c9d4a4f8ce03605
                                        SHA256:e6a3e905b9a96e542e12dd8868e6b3568a18a67c0448f68005b3e9adadde3c4b
                                        SHA512:fabd71a99ab5de92b7238e077123ecb4fb749fa44e66ce0d42c8912363f3f482ed2e3c7460528f888e8467e256c4aa4a5a5b83980255d86805897cefb2aded74
                                        SSDEEP:393216:XKwN8f9uYOnhjoS+2ezK1m6LwJhPiMVea:6Xf9uY8gqLwOm
                                        TLSH:BFE60213E2A200ACC57BC1748767E672A833BC2911397EAE225CDB353F67D90672E715
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...P.....................!..6/..@............@.............................../......U....@... ............................

                                        File Icon

                                        Icon Hash:4f6545094c65772b

                                        Static PE Info

                                        General

                                        Entrypoint:0x4014d0
                                        Entrypoint Section:.text
                                        Digitally signed:true
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH
                                        Time Stamp:0x1C0150 [Thu Jan 22 05:49:04 1970 UTC]
                                        TLS Callbacks:0x601c00
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:9a82d8af6ced3b31a91116b12a675597

                                        Authenticode Signature

                                        Signature Valid:true
                                        Signature Issuer:CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                        Signature Validation Error:The operation completed successfully
                                        Error Number:0
                                        Not Before, Not After
                                        • 17/04/2024 11:37:31 09/03/2027 15:45:53
                                        Subject Chain
                                        • CN=Transaction Processing Performance Council, O=Transaction Processing Performance Council, L=San Francisco, S=California, C=US
                                        Version:3
                                        Thumbprint MD5:3135C45E4E0F20CFEE07435A23B3B244
                                        Thumbprint SHA-1:FDBA7DDD61CF970C7056B08741E82A7E93FC7D50
                                        Thumbprint SHA-256:38051A280FCBCAA7D0297A3D89E01FC5677F8F70CE2A109B1F70CDD459CD528C
                                        Serial:161F37C4BA9E633257BE1879

                                        Entrypoint Preview

                                        Instruction
                                        dec eax
                                        sub esp, 28h
                                        dec eax
                                        mov eax, dword ptr [0028C315h]
                                        mov dword ptr [eax], 00000001h
                                        call 00007F97549E2E9Fh
                                        call 00007F97547E265Ah
                                        nop
                                        nop
                                        dec eax
                                        add esp, 28h
                                        ret
                                        nop word ptr [eax+eax+00000000h]
                                        dec eax
                                        sub esp, 28h
                                        dec eax
                                        mov eax, dword ptr [0028C2E5h]
                                        mov dword ptr [eax], 00000000h
                                        call 00007F97549E2E6Fh
                                        call 00007F97547E262Ah
                                        nop
                                        nop
                                        dec eax
                                        add esp, 28h
                                        ret
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        mov eax, 00000001h
                                        ret
                                        nop word ptr [eax+eax+00000000h]
                                        push ebx
                                        dec eax
                                        sub esp, 20h
                                        dec eax
                                        mov ebx, ecx
                                        dec eax
                                        mov ecx, dword ptr [ecx+40h]
                                        dec eax
                                        test ecx, ecx
                                        je 00007F97547E2997h
                                        call 00007F975494E44Fh
                                        mov edx, dword ptr [ebx+0Ch]
                                        dec eax
                                        mov dword ptr [ebx+40h], 00000000h
                                        dec eax
                                        mov ecx, dword ptr [ebx]
                                        dec eax
                                        add esp, 20h
                                        pop ebx
                                        jmp 00007F9754919D97h
                                        nop
                                        push edi
                                        push esi
                                        push ebx
                                        dec eax
                                        sub esp, 20h
                                        dec eax
                                        mov esi, ecx
                                        dec eax
                                        mov ecx, dword ptr [ecx+18h]
                                        dec eax
                                        mov edi, edx
                                        call 00007F9754931D1Fh
                                        dec eax
                                        mov ecx, dword ptr [esi+10h]
                                        dec ecx
                                        mov eax, edi
                                        add dword ptr [eax], 01h
                                        dec eax
                                        mov edx, eax
                                        dec eax
                                        mov ebx, eax
                                        call 00007F97547E2A3Ah

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x2c50000x6e.edata
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x2c60000x4e80.idata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2cd0000x2ad18.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x2980000x10608.pdata
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0xde0d680x2e48
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x2f80000x6030.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x2cc0200x28.tls
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x2c72640x1160.idata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x10000x2102980x2104006ae488cfca868a942cb7dbfd075cd8bbunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .data0x2120000x2f1a00x2f2000709921ee5d1497bdea113ebd77457d9False0.13664103945623343dBase III DBT, version number 0, next free block index 10, 1st item "set ::tclKitMkCounter 0"1.7781191208307567IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .rdata0x2420000x55b400x55c00832e08a2c5aa6ed38347de18080c20c6False0.3180461916909621data5.487884501517524IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
                                        .pdata0x2980000x106080x1080031fd0a5bc32686b1ecae91c12b48d1b8False0.5213512073863636data6.170087558085669IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
                                        .xdata0x2a90000x174f40x17600347464d0c160ce58a6e3c5cbf66f6c0bFalse0.12916736296791445data5.024835085140401IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
                                        .bss0x2c10000x3f000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .edata0x2c50000x6e0x200d3c3f109ecceeea1199b0a4cd2ae49c0False0.189453125data1.3369654237368669IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
                                        .idata0x2c60000x4e800x500050fd5b986bb415538cc041d844cb35e4False0.276806640625data4.687474588989904IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .CRT0x2cb0000x680x20094272f2beab2fda7634dd395334f7ebdFalse0.07421875data0.25765437076190567IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .tls0x2cc0000x680x200bbd9c6a5466089bd92ab4524f503ce4dFalse0.060546875data0.2044881574398449IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .rsrc0x2cd0000x2ad180x2ae00c036242a41029cb4d25bcd513692e832False0.2680336643586006data4.153783838935504IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .reloc0x2f80000x60300x6200d513bef21453a2a10de44bcf63f53ac5False0.28738839285714285data5.425007608122644IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                        RT_CURSOR0x2cf6780x134dataEnglishUnited States0.37662337662337664
                                        RT_CURSOR0x2cf7ac0x134dataEnglishUnited States0.3961038961038961
                                        RT_CURSOR0x2cf8e00x134dataEnglishUnited States0.2694805194805195
                                        RT_CURSOR0x2cfa140x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.24675324675324675
                                        RT_CURSOR0x2cfb480x134dataEnglishUnited States0.25
                                        RT_CURSOR0x2cfc7c0x134dataEnglishUnited States0.2694805194805195
                                        RT_CURSOR0x2cfdb00x134dataEnglishUnited States0.32142857142857145
                                        RT_CURSOR0x2cfee40x134dataEnglishUnited States0.3246753246753247
                                        RT_CURSOR0x2d00180x134dataEnglishUnited States0.30844155844155846
                                        RT_CURSOR0x2d014c0x134dataEnglishUnited States0.19480519480519481
                                        RT_CURSOR0x2d02800x134dataEnglishUnited States0.2694805194805195
                                        RT_CURSOR0x2d03b40x134dataEnglishUnited States0.2857142857142857
                                        RT_CURSOR0x2d04e80x134dataEnglishUnited States0.3344155844155844
                                        RT_CURSOR0x2d061c0x134dataEnglishUnited States0.45454545454545453
                                        RT_CURSOR0x2d07500x134dataEnglishUnited States0.3181818181818182
                                        RT_CURSOR0x2d08840x134dataEnglishUnited States0.2077922077922078
                                        RT_CURSOR0x2d09b80x134dataEnglishUnited States0.39935064935064934
                                        RT_CURSOR0x2d0aec0x134dataEnglishUnited States0.17857142857142858
                                        RT_CURSOR0x2d0c200x134dataEnglishUnited States0.37012987012987014
                                        RT_CURSOR0x2d0d540x134dataEnglishUnited States0.22402597402597402
                                        RT_CURSOR0x2d0e880x134dataEnglishUnited States0.21428571428571427
                                        RT_CURSOR0x2d0fbc0x134dataEnglishUnited States0.33766233766233766
                                        RT_CURSOR0x2d10f00x134dataEnglishUnited States0.37987012987012986
                                        RT_CURSOR0x2d12240x134dataEnglishUnited States0.37662337662337664
                                        RT_CURSOR0x2d13580x134dataEnglishUnited States0.3409090909090909
                                        RT_CURSOR0x2d148c0x134dataEnglishUnited States0.4090909090909091
                                        RT_CURSOR0x2d15c00x134dataEnglishUnited States0.37662337662337664
                                        RT_CURSOR0x2d16f40x134dataEnglishUnited States0.3181818181818182
                                        RT_CURSOR0x2d18280x134dataEnglishUnited States0.4155844155844156
                                        RT_CURSOR0x2d195c0x134dataEnglishUnited States0.38311688311688313
                                        RT_CURSOR0x2d1a900x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.44155844155844154
                                        RT_CURSOR0x2d1bc40x134dataEnglishUnited States0.41233766233766234
                                        RT_CURSOR0x2d1cf80x134dataEnglishUnited States0.21428571428571427
                                        RT_CURSOR0x2d1e2c0x134dataEnglishUnited States0.3116883116883117
                                        RT_CURSOR0x2d1f600x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.33766233766233766
                                        RT_CURSOR0x2d20940x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.3051948051948052
                                        RT_CURSOR0x2d21c80x134dataEnglishUnited States0.19480519480519481
                                        RT_CURSOR0x2d22fc0x134dataEnglishUnited States0.21428571428571427
                                        RT_CURSOR0x2d24300x134Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.19480519480519481
                                        RT_CURSOR0x2d25640x134Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.19155844155844157
                                        RT_CURSOR0x2d26980x134dataEnglishUnited States0.4383116883116883
                                        RT_CURSOR0x2d27cc0x134dataEnglishUnited States0.21428571428571427
                                        RT_CURSOR0x2d29000x134dataEnglishUnited States0.33766233766233766
                                        RT_CURSOR0x2d2a340x134dataEnglishUnited States0.37987012987012986
                                        RT_CURSOR0x2d2b680x134dataEnglishUnited States0.4318181818181818
                                        RT_CURSOR0x2d2c9c0x134dataEnglishUnited States0.18506493506493507
                                        RT_CURSOR0x2d2dd00x134dataEnglishUnited States0.37662337662337664
                                        RT_CURSOR0x2d2f040x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.35064935064935066
                                        RT_CURSOR0x2d30380x134dataEnglishUnited States0.2922077922077922
                                        RT_CURSOR0x2d316c0x134dataEnglishUnited States0.19480519480519481
                                        RT_CURSOR0x2d32a00x134dataEnglishUnited States0.19805194805194806
                                        RT_CURSOR0x2d33d40x134dataEnglishUnited States0.2824675324675325
                                        RT_CURSOR0x2d35080x134dataEnglishUnited States0.32142857142857145
                                        RT_CURSOR0x2d363c0x134dataEnglishUnited States0.262987012987013
                                        RT_CURSOR0x2d37700x134dataEnglishUnited States0.288961038961039
                                        RT_CURSOR0x2d38a40x134dataEnglishUnited States0.2435064935064935
                                        RT_CURSOR0x2d39d80x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.2435064935064935
                                        RT_CURSOR0x2d3b0c0x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.24675324675324675
                                        RT_CURSOR0x2d3c400x134dataEnglishUnited States0.3116883116883117
                                        RT_CURSOR0x2d3d740x134dataEnglishUnited States0.36038961038961037
                                        RT_CURSOR0x2d3ea80x134dataEnglishUnited States0.32792207792207795
                                        RT_CURSOR0x2d3fdc0x134dataEnglishUnited States0.37337662337662336
                                        RT_CURSOR0x2d41100x134dataEnglishUnited States0.2597402597402597
                                        RT_CURSOR0x2d42440x134dataEnglishUnited States0.4512987012987013
                                        RT_CURSOR0x2d43780x134dataEnglishUnited States0.36688311688311687
                                        RT_CURSOR0x2d44ac0x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.18831168831168832
                                        RT_CURSOR0x2d45e00x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38311688311688313
                                        RT_CURSOR0x2d47140x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.3181818181818182
                                        RT_CURSOR0x2d48480x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.32142857142857145
                                        RT_CURSOR0x2d497c0x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.30194805194805197
                                        RT_CURSOR0x2d4ab00x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.19480519480519481
                                        RT_CURSOR0x2d4be40x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.3409090909090909
                                        RT_CURSOR0x2d4d180x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.18831168831168832
                                        RT_CURSOR0x2d4e4c0x134dataEnglishUnited States0.3246753246753247
                                        RT_CURSOR0x2d4f800x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.18831168831168832
                                        RT_CURSOR0x2d50b40x134dataEnglishUnited States0.288961038961039
                                        RT_CURSOR0x2d51e80x134dataEnglishUnited States0.24025974025974026
                                        RT_CURSOR0x2d531c0x134dataEnglishUnited States0.12012987012987013
                                        RT_BITMAP0x2d54500x340Device independent bitmap graphic, 52 x 26 x 4, image size 728EnglishUnited States0.40625
                                        RT_ICON0x2d57900x58b0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9941420014094433
                                        RT_ICON0x2db0400x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.12464572508266415
                                        RT_ICON0x2df2680x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.20062240663900416
                                        RT_ICON0x2e18100x1eb6PNG image data, 128 x 128, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9994912236072246
                                        RT_ICON0x2e36c60x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.3027673545966229
                                        RT_ICON0x2e476e0x988Device independent bitmap graphic, 24 x 48 x 32, image size 0EnglishUnited States0.364344262295082
                                        RT_ICON0x2e50f60x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.38222543352601157
                                        RT_DIALOG0x2e565e0x23adataEnglishUnited States0.5421052631578948
                                        RT_GROUP_CURSOR0x2e58980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                        RT_GROUP_CURSOR0x2e58ac0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e58c00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e58d40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e58e80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e58fc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59100x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59240x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59380x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e594c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59600x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59740x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e599c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59b00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59c40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59d80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e59ec0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5a000x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5a140x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5a280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5a3c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5a500x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5a640x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5a780x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5a8c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5aa00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5ab40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5ac80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5adc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5af00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                        RT_GROUP_CURSOR0x2e5b040x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5b180x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5b2c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5b400x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5b540x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5b680x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5b7c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5b900x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5ba40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5bb80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5bcc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5be00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5bf40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5c080x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5c1c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5c300x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5c440x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5c580x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5c6c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5c800x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5c940x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5ca80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5cbc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5cd00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5ce40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5cf80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5d0c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5d200x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5d340x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5d480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5d5c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5d700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5d840x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                        RT_GROUP_CURSOR0x2e5d980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5dac0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5dc00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5dd40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5de80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5dfc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5e100x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5e240x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5e380x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5e4c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5e600x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5e740x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_CURSOR0x2e5e880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                        RT_GROUP_CURSOR0x2e5e9c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_ICON0x2e5eb00x68dataEnglishUnited States0.7884615384615384
                                        RT_VERSION0x2e5f180x781cdataEnglishUnited States0.021757512683751788
                                        RT_MANIFEST0x2ed7340x772XML 1.0 document, ASCII textEnglishUnited States0.3861490031479538
                                        RT_MANIFEST0x2edea60x772XML 1.0 document, ASCII textEnglishUnited States0.3861490031479538

                                        Imports

                                        DLLImport
                                        ADVAPI32.dllGetSecurityDescriptorOwner, GetSidIdentifierAuthority, GetUserNameA, GetUserNameW, RegCloseKey, RegOpenKeyExA, RegQueryValueExA
                                        COMCTL32.dllInitCommonControlsEx
                                        comdlg32.dllChooseColorA, CommDlgExtendedError, GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetSaveFileNameW
                                        GDI32.dllArc, BitBlt, Chord, CombineRgn, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateFontIndirectW, CreatePalette, CreatePatternBrush, CreatePen, CreateRectRgn, CreateRectRgnIndirect, CreateSolidBrush, DPtoLP, DeleteDC, DeleteObject, EnumFontFamiliesA, EnumFontFamiliesW, ExtCreatePen, ExtTextOutA, GetBkMode, GetCharWidthA, GetCharWidthW, GetDIBits, GetDeviceCaps, GetFontData, GetMapMode, GetNearestColor, GetNearestPaletteIndex, GetObjectA, GetPaletteEntries, GetPixel, GetRgnBox, GetStockObject, GetTextCharset, GetTextExtentPoint32A, GetTextExtentPoint32W, GetTextExtentPointA, GetTextFaceA, GetTextFaceW, GetTextMetricsA, OffsetClipRgn, PatBlt, Pie, Polygon, Polyline, RealizePalette, RectInRegion, Rectangle, ResizePalette, SelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetBrushOrgEx, SetMapMode, SetPaletteEntries, SetPolyFillMode, SetROP2, SetRectRgn, SetTextAlign, SetTextColor, StretchDIBits, TextOutA, TextOutW, TranslateCharsetInfo, UpdateColors
                                        IMM32.dllImmGetCompositionStringA, ImmGetCompositionStringW, ImmGetContext, ImmReleaseContext, ImmSetCompositionWindow
                                        KERNEL32.dllBuildCommDCBA, BuildCommDCBW, ClearCommError, CloseHandle, CopyFileA, CopyFileW, CreateDirectoryA, CreateDirectoryW, CreateEventA, CreateFileA, CreateFileMappingA, CreateFileW, CreatePipe, CreateProcessA, CreateProcessW, CreateSemaphoreW, CreateThread, DeleteCriticalSection, DeleteFileA, DeleteFileW, DeviceIoControl, DuplicateHandle, EnterCriticalSection, EscapeCommFunction, ExitProcess, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FlushFileBuffers, FormatMessageA, FreeLibrary, GetACP, GetCommModemStatus, GetCommState, GetComputerNameA, GetComputerNameW, GetConsoleCP, GetConsoleMode, GetCurrentDirectoryA, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetEnvironmentVariableW, GetExitCodeProcess, GetExitCodeThread, GetFileAttributesA, GetFileAttributesW, GetFileInformationByHandle, GetFileType, GetFullPathNameA, GetFullPathNameW, GetLastError, GetLocaleInfoA, GetLogicalDriveStringsA, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetOverlappedResult, GetPrivateProfileStringA, GetProcAddress, GetProcessHeap, GetShortPathNameA, GetShortPathNameW, GetStartupInfoA, GetStdHandle, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempFileNameA, GetTempFileNameW, GetTempPathA, GetTempPathW, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GetVolumeInformationA, GetVolumeInformationW, GetWindowsDirectoryA, GetWindowsDirectoryW, GlobalAlloc, GlobalLock, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, IsDBCSLeadByte, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadLibraryExW, LoadResource, LocalFree, LockResource, MapViewOfFile, MoveFileA, MoveFileW, MulDiv, MultiByteToWideChar, OutputDebugStringA, PeekConsoleInputA, PeekNamedPipe, PurgeComm, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleA, ReadConsoleW, ReadFile, ReleaseSemaphore, RemoveDirectoryA, RemoveDirectoryW, ResetEvent, RtlAddFunctionTable, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SearchPathA, SearchPathW, SetCommState, SetCommTimeouts, SetConsoleMode, SetCurrentDirectoryA, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetErrorMode, SetEvent, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetHandleInformation, SetLastError, SetThreadPriority, SetUnhandledExceptionFilter, SetupComm, Sleep, TerminateProcess, TerminateThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WriteConsoleA, WriteConsoleW, WriteFile, lstrcpyA, lstrcpyW, lstrcpynA, lstrlenA, lstrlenW
                                        msvcrt.dll__C_specific_handler, __argc, __argv, __dllonexit, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _beginthreadex, _cexit, _ctime64, _endthreadex, _environ, _errno, _fdopen, _fileno, _fmode, _ftime64, _get_osfhandle, _getpid, _gmtime64, _hypot, _initterm, _isatty, _localtime64, _lock, _mktime64, _onexit, _open, _putenv, _strdup, _stricmp, _stricmp, _strnicmp, _strnicmp, _strtoi64, _time64, _timezone, _tzset, _unlock, _vsnwprintf, _wcsicmp, _wopen, _write, abort, acos, asin, atan, atoi, calloc, cosh, exit, fclose, ferror, fflush, fprintf, fputc, fputs, fread, free, frexp, fseek, ftell, fwrite, getenv, isalnum, isalpha, islower, isprint, isspace, isupper, isxdigit, localeconv, log10, malloc, memcmp, memcpy, memmove, memset, printf, puts, qsort, realloc, setlocale, signal, sinh, sprintf, sscanf, strcat, strchr, strcmp, strcpy, strcspn, strerror, strlen, strncmp, strncpy, strpbrk, strrchr, strspn, strstr, strtol, strtoul, tan, tanh, tolower, toupper, vfprintf, vsprintf, wcschr, wcscmp, wcscpy, wcslen, wcsncmp, wcsncpy
                                        ole32.dllCreateBindCtx, CreateErrorInfo, CreateFileMoniker, GetRunningObjectTable, SetErrorInfo
                                        OLEAUT32.dllSysAllocString, SysFreeString, VariantChangeType, VariantClear, VariantInit
                                        SHELL32.dllSHBrowseForFolderA, SHBrowseForFolderW, SHGetDesktopFolder, SHGetMalloc, SHGetPathFromIDListA, SHGetPathFromIDListW
                                        USER32.dllAdjustWindowRectEx, BeginPaint, CallNextHookEx, CallWindowProcA, CallWindowProcW, CharLowerA, CharLowerW, ClientToScreen, CloseClipboard, CreateCaret, CreateIconFromResource, CreateIconIndirect, CreateMenu, CreatePopupMenu, CreateWindowExA, CreateWindowExW, DefWindowProcA, DefWindowProcW, DestroyCaret, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DrawEdge, DrawFocusRect, DrawFrameControl, DrawMenuBar, EmptyClipboard, EnableWindow, EndPaint, EnumWindows, FillRect, GetAsyncKeyState, GetCapture, GetClassLongPtrA, GetClientRect, GetClipboardData, GetClipboardOwner, GetCursorPos, GetDC, GetDesktopWindow, GetFocus, GetForegroundWindow, GetKeyState, GetKeyboardLayout, GetMenuCheckMarkDimensions, GetMenuItemCount, GetMessageA, GetMessagePos, GetParent, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetWindow, GetWindowLongPtrA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextW, InsertMenuA, InsertMenuW, InvalidateRect, IsClipboardFormatAvailable, IsIconic, IsWindow, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadCursorFromFileA, LoadIconA, MapVirtualKeyA, MessageBeep, MessageBoxA, MessageBoxW, MoveWindow, MsgWaitForMultipleObjectsEx, OpenClipboard, PeekMessageA, PostMessageA, PostQuitMessage, RegisterClassA, RegisterClassExA, RegisterClassW, ReleaseCapture, ReleaseDC, RemoveMenu, ScreenToClient, ScrollWindowEx, SendInput, SendMessageA, SendMessageW, SetActiveWindow, SetCapture, SetCaretPos, SetClassLongPtrA, SetClipboardData, SetCursor, SetCursorPos, SetFocus, SetForegroundWindow, SetMenu, SetParent, SetScrollInfo, SetTimer, SetWindowLongPtrA, SetWindowLongPtrW, SetWindowPos, SetWindowTextA, SetWindowTextW, SetWindowsHookExA, ShowWindow, SystemParametersInfoA, ToAscii, TrackPopupMenu, TranslateMessage, UnhookWindowsHookEx, UnregisterClassA, UpdateWindow, VkKeyScanA, WaitForInputIdle, WindowFromPoint, wsprintfA, wsprintfW
                                        WS2_32.dllWSAAsyncSelect, WSACleanup, WSAGetLastError, WSAStartup, accept, bind, closesocket, connect, gethostbyaddr, gethostbyname, gethostname, getpeername, getservbyname, getsockname, getsockopt, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohs, recv, select, send, setsockopt, socket

                                        Exports

                                        NameOrdinalAddress
                                        TclKit_AppInit10x403000
                                        TclKit_SetKitPath20x403360

                                        Possible Origin

                                        Language of compilation systemCountry where language is spokenMap
                                        EnglishUnited States

                                        Network Behavior

                                        No network behavior found

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:15:42:26
                                        Start date:01/10/2024
                                        Path:C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe"
                                        Imagebase:0x4e0000
                                        File size:14'564'272 bytes
                                        MD5 hash:0E108F1745ADD2B9C9E0BE898A9F688F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:false

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:7.4%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:14.2%
                                          Total number of Nodes:2000
                                          Total number of Limit Nodes:101
                                          execution_graph 117859 507890 117860 5078b0 117859->117860 117861 50789e 117859->117861 117867 507900 SendMessageA 117860->117867 117868 5078da 117860->117868 117862 5111e0 117861->117862 117863 5111ae 117861->117863 117878 5111cb 117861->117878 117865 511260 117862->117865 117866 5111e8 117862->117866 117864 5112d0 117863->117864 117869 5111b7 117863->117869 117901 510790 117864->117901 117873 511275 DefWindowProcA 117865->117873 117865->117878 117866->117869 117871 5111f6 117866->117871 117867->117868 117869->117878 117879 510ff0 117869->117879 117875 510ff0 44 API calls 117871->117875 117871->117878 117872 5112da DefWindowProcA 117872->117878 117873->117878 117875->117878 117876 5112af 117877 5112b3 DefWindowProcA 117876->117877 117876->117878 117877->117878 117880 51100d 117879->117880 117885 5110a0 117879->117885 117881 5110c0 117880->117881 117883 511060 117880->117883 117884 51101b 117880->117884 117881->117885 117895 511110 117881->117895 117882 510790 29 API calls 117886 5110e5 117882->117886 117883->117885 117894 511068 117883->117894 117887 5110f0 117884->117887 117888 511027 117884->117888 117885->117882 117891 5110b0 117885->117891 117886->117876 117937 504c90 13 API calls 117887->117937 117893 511033 117888->117893 117888->117895 117890 511100 117890->117876 117891->117876 117892 51112d SendMessageA 117892->117891 117893->117891 117896 510790 29 API calls 117893->117896 117894->117891 117897 51107f 117894->117897 117895->117891 117895->117892 117898 511045 117896->117898 117936 4fda40 10 API calls 117897->117936 117898->117876 117900 511094 117900->117876 117902 5107cb 117901->117902 117903 51084e 117902->117903 117905 510911 117902->117905 117915 5107e5 117902->117915 117904 5109e4 117903->117904 117906 51085a 117903->117906 117904->117915 117938 504bd0 9 API calls 117904->117938 117905->117904 117909 51092f 117905->117909 117907 510bc0 BeginPaint EndPaint 117906->117907 117923 510863 117906->117923 117907->117915 117911 510946 117909->117911 117909->117915 117910 5109fd 117912 510a88 GetTickCount GetMessagePos ScreenToClient 117910->117912 117913 510efd 117910->117913 117917 510a3a 117910->117917 117916 510960 GetTickCount 117911->117916 117914 510b47 117912->117914 117933 510ca8 117912->117933 117940 510640 8 API calls 117913->117940 117922 510df5 IsDBCSLeadByte 117914->117922 117928 510b4d 117914->117928 117914->117933 117915->117872 117916->117915 117920 5108ac 117917->117920 117921 510a68 117917->117921 117919 510d29 PeekMessageA 117919->117915 117919->117933 117930 5108d0 117920->117930 117931 510da9 117920->117931 117921->117912 117924 510a73 117921->117924 117927 510f85 PeekMessageA 117922->117927 117922->117928 117923->117915 117923->117920 117926 5108c7 117923->117926 117924->117912 117925 510d58 GetMessageA 117925->117933 117926->117913 117926->117930 117927->117928 117929 510fab 117927->117929 117928->117915 117929->117928 117932 510fb9 GetMessageA 117929->117932 117930->117915 117935 5108d9 DestroyCaret 117930->117935 117939 510640 8 API calls 117931->117939 117932->117928 117933->117915 117933->117919 117933->117925 117935->117915 117936->117900 117937->117890 117938->117910 117939->117915 117940->117915 117941 618da0 117942 619212 117941->117942 117971 618e12 117941->117971 118090 64c280 117942->118090 117944 619217 118100 620530 _errno 117944->118100 117945 619472 118140 620530 _errno 117945->118140 117947 61905c 117953 61907d 117947->117953 117962 6191e0 117947->117962 117949 619044 117949->117947 117956 619639 117949->117956 117957 6193fd 117949->117957 117950 6192e0 118129 620530 _errno 117950->118129 117951 619248 117951->117949 117961 64c280 15 API calls 117951->117961 117952 619479 117952->117956 117964 64c280 15 API calls 117952->117964 118074 630910 117953->118074 117955 6194e2 118142 620530 _errno 117955->118142 118146 64c3c0 14 API calls 117956->118146 117963 630780 14 API calls 117957->117963 117959 6192e8 117967 6192c0 117959->117967 117970 64c280 15 API calls 117959->117970 117969 619261 117961->117969 117972 6191fa 117962->117972 117973 61966e 117962->117973 118010 618f7a 117962->118010 117963->117947 117974 619492 117964->117974 117966 619087 118082 63cc80 117966->118082 117967->117949 118118 630780 117967->118118 117968 6194e9 117968->117956 117980 64c280 15 API calls 117968->117980 118101 644f30 20 API calls 117969->118101 117976 619300 117970->117976 117971->117944 117971->117945 117971->117949 117971->117950 117971->117955 117997 619560 117971->117997 118008 619410 117971->118008 118019 6195c1 117971->118019 118029 619039 117971->118029 118030 619380 117971->118030 118032 618f64 117971->118032 118033 612770 117971->118033 118045 612e40 117971->118045 118065 618110 117971->118065 118088 615a80 14 API calls 117971->118088 118089 640dd0 14 API calls 117972->118089 118147 6319a0 15 API calls 117973->118147 118141 644f30 20 API calls 117974->118141 118130 644f30 20 API calls 117976->118130 117987 619501 117980->117987 117982 6192ac 117983 6192b5 117982->117983 118015 619359 117982->118015 118102 644bf0 117983->118102 118143 644f30 20 API calls 117987->118143 117995 619363 118132 644f30 20 API calls 117995->118132 117996 619683 118148 640dd0 14 API calls 117996->118148 117997->117949 118002 64c280 15 API calls 117997->118002 118000 619693 118149 64c3c0 14 API calls 118000->118149 118006 619571 118002->118006 118004 6193d8 118009 630780 14 API calls 118004->118009 118144 644f30 20 API calls 118006->118144 118134 630a00 118008->118134 118009->118010 118131 620550 38 API calls 118015->118131 118018 6190db 118020 6190f2 118018->118020 118022 6196f4 118018->118022 118025 619465 118018->118025 118019->117949 118021 64c280 15 API calls 118019->118021 118087 63cd70 14 API calls 118020->118087 118024 6195d2 118021->118024 118150 64c3c0 14 API calls 118022->118150 118145 644f30 20 API calls 118024->118145 118028 630780 14 API calls 118025->118028 118028->118020 118029->117949 118029->118030 118030->118032 118133 615a80 14 API calls 118030->118133 118032->118000 118032->118004 118032->118010 118043 6127ac 118033->118043 118044 6127b1 118033->118044 118034 612a28 memcpy 118034->118044 118036 612864 memcpy 118036->118044 118039 6129f8 memcpy 118039->118044 118041 612aa0 memcpy 118041->118044 118042 612b5a 118165 611710 118043->118165 118044->118034 118044->118036 118044->118039 118044->118041 118044->118042 118044->118043 118151 6125d0 118044->118151 118162 632530 118044->118162 118046 612eb2 118045->118046 118047 612e7c 118045->118047 118050 6131b8 118046->118050 118061 612e8f 118046->118061 118047->118061 122530 6444f0 18 API calls 118047->122530 118048 5bd0b0 16 API calls 118048->118061 118051 630a00 15 API calls 118050->118051 118053 612fa6 118051->118053 118052 613194 118057 5bd0f0 18 API calls 118052->118057 122531 6444f0 18 API calls 118053->122531 118055 612ea6 118055->118052 118055->118053 118056 612fae 118055->118056 118059 611710 14 API calls 118056->118059 118057->118056 118060 612fb8 118059->118060 118060->117971 118061->118048 118061->118052 118061->118053 118061->118055 118062 6125d0 713 API calls 118061->118062 118064 5bd0f0 18 API calls 118061->118064 122508 611e70 118061->122508 122532 6112f0 memcpy memcpy 118061->122532 118062->118061 118064->118061 118066 61833c 118065->118066 118073 618137 118065->118073 118067 611270 14 API calls 118067->118066 118068 6182e0 memcpy 118070 6182fd 118068->118070 118069 6182c0 memcpy 118069->118073 118070->118067 118071 632530 __iob_func __iob_func __iob_func abort 118071->118073 118072 618239 118072->117971 118073->118068 118073->118069 118073->118070 118073->118071 118073->118072 118075 64c280 15 API calls 118074->118075 118076 630923 118075->118076 118078 5bec10 14 API calls 118076->118078 118079 63095f 118076->118079 118077 630975 118077->117966 118080 630988 memcpy 118078->118080 118079->118077 122537 4e2460 malloc 118079->122537 118080->118079 118083 670440 14 API calls 118082->118083 118084 63cc94 118083->118084 118085 63ccda 118084->118085 118086 5becc0 16 API calls 118084->118086 118086->118085 118087->118010 118089->118010 118091 670850 7 API calls 118090->118091 118092 64c28a 118091->118092 118093 64c29d 118092->118093 118094 670440 14 API calls 118092->118094 118093->117944 118095 64c2cc 118094->118095 118095->118093 118095->118095 118096 64c337 malloc 118095->118096 118097 64c392 118096->118097 118098 64c353 118096->118098 118099 632530 4 API calls 118097->118099 118098->117944 118099->118098 118100->117951 118101->117982 118103 6439e0 15 API calls 118102->118103 118104 644c07 118103->118104 118105 644c50 118104->118105 118106 644c12 118104->118106 118107 630a00 15 API calls 118105->118107 118112 644c5d 118105->118112 118109 630a00 15 API calls 118106->118109 118110 644c2c 118106->118110 118114 644c81 118106->118114 118107->118112 118108 644c79 122538 644820 118108->122538 118109->118110 122555 644090 19 API calls 118110->122555 118112->118108 118116 644cd0 118112->118116 118114->117967 118115 644c3d 118115->117967 118117 644820 21 API calls 118116->118117 118117->118114 118120 630793 118118->118120 118119 630840 122558 64c3c0 14 API calls 118119->122558 118120->118119 118122 6307c4 118120->118122 118124 6307de 118122->118124 122559 64c3c0 14 API calls 118122->122559 118127 630824 118124->118127 122557 63ce90 14 API calls 118124->122557 118126 63086a 118126->118124 122560 64c3c0 14 API calls 118126->122560 118127->117949 118129->117959 118130->117982 118131->117995 118132->117949 118135 630a30 118134->118135 118136 630a15 118134->118136 118137 630a3d 118135->118137 118138 632530 4 API calls 118135->118138 118136->118018 118139 5bc8e0 15 API calls 118137->118139 118138->118137 118139->118136 118140->117952 118141->117983 118142->117968 118143->117983 118144->118015 118145->118015 118146->117947 118147->117996 118148->118010 118149->118010 118150->118020 118168 612580 118151->118168 118153 6125f0 118153->118044 118154 6125ea 118154->118153 118156 61266c 118154->118156 118244 611270 118154->118244 118156->118153 118157 61269b 118156->118157 118175 661860 ReadFile 118156->118175 118180 61dbd0 118156->118180 118222 4e17c0 118156->118222 118157->118153 118247 620530 _errno 118157->118247 122498 632440 118162->122498 118164 632552 118164->118044 118167 611735 118165->118167 118166 64cf80 14 API calls 118166->118167 118167->118166 118169 612594 118168->118169 118170 61258e 118168->118170 118248 620530 _errno 118169->118248 118170->118154 118172 6125a1 118172->118170 118249 6411b0 25 API calls 118172->118249 118174 6125c1 118174->118154 118176 6618a0 GetLastError 118175->118176 118177 66188c 118175->118177 118250 665090 118176->118250 118177->118157 118181 61dd80 118180->118181 118182 61dbf0 118180->118182 118306 644120 118181->118306 118252 670270 GetCurrentThreadId 118182->118252 118185 61dbf9 118187 61dc90 118185->118187 118188 61dc02 118185->118188 118190 63cc80 16 API calls 118187->118190 118298 61c7b0 27 API calls 118188->118298 118193 61dc98 118190->118193 118192 61dd0a 118196 630780 14 API calls 118192->118196 118198 61dd1e 118192->118198 118253 631460 118193->118253 118196->118198 118301 63cd70 14 API calls 118198->118301 118204 61dd35 118302 5bd0b0 118204->118302 118205 61dcc8 118299 61d8b0 17 API calls 118205->118299 118207 61dd26 118207->118157 118211 61dcd6 118218 61dceb 118211->118218 118300 616780 36 API calls 118211->118300 118213 61ddc0 118215 644120 17 API calls 118213->118215 118214 61dd4e 118216 61dd59 memcpy 118214->118216 118214->118218 118219 61ddd1 118215->118219 118216->118218 118218->118192 118221 630780 14 API calls 118218->118221 118318 616780 36 API calls 118219->118318 118221->118192 118223 4e1810 118222->118223 118224 4e17f0 118222->118224 122490 4e1570 118223->122490 118224->118157 118227 631460 15 API calls 118228 4e182c 118227->118228 118229 624b40 36 API calls 118228->118229 118230 4e1839 118229->118230 118231 640b80 16 API calls 118230->118231 118232 4e1844 118231->118232 118233 5bc5f0 712 API calls 118232->118233 118234 4e1855 118233->118234 118235 4e1859 118234->118235 118237 640fa0 17 API calls 118234->118237 122497 641580 15 API calls 118235->122497 118238 4e1888 118237->118238 118240 5bd0b0 16 API calls 118238->118240 118239 4e1864 118239->118224 118242 630780 14 API calls 118239->118242 118241 4e1895 118240->118241 118241->118235 118243 4e18a9 memcpy 118241->118243 118242->118224 118243->118235 118245 5bec10 14 API calls 118244->118245 118246 611282 118245->118246 118246->118156 118247->118153 118248->118172 118249->118174 118251 665098 118250->118251 118252->118185 118254 64c280 15 API calls 118253->118254 118255 61dc9f 118254->118255 118256 61ce40 118255->118256 118257 61cfd1 118256->118257 118258 61ce6f 118256->118258 118260 644120 17 API calls 118257->118260 118290 61cfba 118257->118290 118259 644120 17 API calls 118258->118259 118261 61ce7c 118259->118261 118260->118290 118319 641070 118261->118319 118264 63cc80 16 API calls 118265 61cecf 118264->118265 118324 5ba6b0 118265->118324 118268 61d003 118269 61ceef 118290->118204 118290->118205 118299->118211 118300->118218 118301->118207 118303 5bd0c9 118302->118303 118304 5bd0d3 118302->118304 118305 5bc7a0 16 API calls 118303->118305 118304->118213 118304->118214 118305->118304 118307 6441a0 118306->118307 118308 644130 118306->118308 118309 6441a5 strlen 118307->118309 118310 6441b0 118307->118310 118311 64c280 15 API calls 118308->118311 118309->118308 118312 64c280 15 API calls 118310->118312 118313 644135 118311->118313 118314 61dd91 118312->118314 118313->118314 118315 5bec10 14 API calls 118313->118315 118317 616780 36 API calls 118314->118317 118316 644178 memcpy 118315->118316 118316->118314 118317->118192 118318->118218 118355 5bec10 118319->118355 118322 640fa0 17 API calls 118323 61cec3 118322->118323 118323->118264 118386 5b9ea0 118324->118386 118326 5ba6e8 118327 5ba729 118326->118327 118328 624900 15 API calls 118326->118328 118327->118268 118327->118269 118329 5ba74e 118328->118329 118360 64bd90 118355->118360 118357 5bec1c 118358 5bec38 118357->118358 118359 632530 4 API calls 118357->118359 118358->118322 118359->118358 118369 670850 118360->118369 118363 64be40 malloc 118367 64bdf6 118363->118367 118368 64beae 118363->118368 118364 64bdc2 118364->118367 118364->118368 118379 670440 118364->118379 118366 64bf58 malloc 118366->118367 118366->118368 118367->118357 118367->118367 118368->118366 118368->118367 118368->118368 118370 670880 TlsAlloc 118369->118370 118376 67085f 118369->118376 118371 670865 TlsGetValue 118370->118371 118372 67089d 118370->118372 118373 64bda7 118371->118373 118374 6708b0 GetLastError 118371->118374 118375 632530 4 API calls 118372->118375 118373->118363 118373->118364 118373->118367 118374->118373 118377 6708ba 118374->118377 118375->118376 118376->118371 118378 632530 4 API calls 118377->118378 118378->118373 118381 67044e 118379->118381 118382 67046f LeaveCriticalSection 118381->118382 118383 5bec10 12 API calls 118381->118383 118385 670310 InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 118381->118385 118382->118381 118384 67048b InitializeCriticalSection 118383->118384 118384->118381 118492 5b9dd0 118386->118492 118388 5ba1c8 118388->118326 118389 5b9ee0 118389->118388 118390 5ba3a0 118389->118390 118400 5ba0ab 118389->118400 118402 624900 15 API calls 118389->118402 118404 644120 17 API calls 118389->118404 118411 630a00 15 API calls 118389->118411 118425 630780 14 API calls 118389->118425 119813 64e820 20 API calls 118389->119813 118391 5ba600 118390->118391 118392 5ba696 118390->118392 118403 5ba3bc 118390->118403 118396 64c280 15 API calls 118391->118396 118391->118403 118394 632530 4 API calls 118392->118394 118395 5ba6a2 118394->118395 118397 5ba615 118396->118397 118419 5ba0cd 118400->118419 118511 522a70 118400->118511 118515 5ca4f0 118400->118515 118534 63ebd0 118400->118534 118552 4e28e0 118400->118552 118566 5c1c20 118400->118566 118597 68d394 118400->118597 118610 5cc5a0 118400->118610 118654 5c65a0 118400->118654 118672 5cc630 118400->118672 118716 5cc4a0 118400->118716 118760 63b410 118400->118760 118788 532aa0 118400->118788 118792 50ce20 118400->118792 118795 5cc430 118400->118795 118805 62d210 118400->118805 118816 64d2c0 118400->118816 118908 61af90 118400->118908 118922 5c20b0 118400->118922 118934 50cdbb 118400->118934 118937 5cc5b0 118400->118937 118979 5cd7f0 118400->118979 119022 569e30 118400->119022 119026 54fe50 118400->119026 119048 63f780 118400->119048 119051 5c2470 118400->119051 119065 625b80 118400->119065 119102 5c5780 118400->119102 119122 5cdd00 118400->119122 119134 569520 118400->119134 119139 5cc585 118400->119139 119183 60aad0 118400->119183 119244 62ceb0 118400->119244 119270 5c35d0 118400->119270 119295 50d218 118400->119295 119305 4e21f0 118400->119305 119320 4fc3f0 118400->119320 119332 4e2140 118400->119332 119347 4e2070 118400->119347 119358 5c2c50 118400->119358 119368 4e3d40 118400->119368 119374 61b0f0 118400->119374 119385 61bdd0 118400->119385 119409 5bd160 118400->119409 119453 5c2de5 118400->119453 119461 6941f8 118400->119461 119468 5c2860 118400->119468 119474 61a6f0 118400->119474 119512 5c29d0 118400->119512 119522 51a240 118400->119522 119537 63f140 118400->119537 119573 65b080 118400->119573 119579 539cb0 118400->119579 119590 61ad80 118400->119590 119611 5c2dc3 118400->119611 119617 6283b0 118400->119617 119689 5cc640 118400->119689 119735 61b1a0 118400->119735 119751 5c2992 118400->119751 119757 68d2f2 118400->119757 119773 5cd740 118400->119773 119782 523070 118400->119782 119786 60ce40 118400->119786 118402->118389 118506 624ad0 118403->118506 118404->118389 118408 5ba1bc 118408->118388 118414 640fa0 17 API calls 118408->118414 118411->118389 118413 5ba192 118413->118408 118424 630780 14 API calls 118413->118424 118414->118388 118419->118408 118419->118413 118420 5ba4dc 118419->118420 119814 64e820 20 API calls 118420->119814 118424->118413 118425->118389 118493 5b9ddd 118492->118493 118494 5b9de8 118493->118494 118495 5b9e50 118493->118495 118496 5b9e21 118494->118496 118498 5b9e04 118494->118498 119818 6411b0 25 API calls 118495->119818 118497 5b9e16 118496->118497 119817 6411b0 25 API calls 118496->119817 118497->118389 119816 6411b0 25 API calls 118498->119816 118502 5b9e41 118502->118389 118503 5b9e6a 119819 6416e0 118503->119819 118513 522a82 118511->118513 118514 522aef 118511->118514 118513->118514 118514->118419 118516 5ca540 118515->118516 118517 5ca510 118515->118517 118535 63ec60 118534->118535 118536 63ebe7 118534->118536 120082 60c640 32 API calls 118535->120082 120007 63e980 118536->120007 118553 4e28f4 118552->118553 118554 4e2913 118552->118554 118555 4e290a 118553->118555 118558 630910 17 API calls 118553->118558 118559 4e294d 118553->118559 120316 60c640 32 API calls 118554->120316 118555->118419 118558->118559 118567 5c1c3f 118566->118567 118568 5c1d70 118566->118568 118570 5c1c48 118567->118570 118571 5c1d15 118567->118571 120354 60c640 32 API calls 118568->120354 118598 68d2c0 118597->118598 118599 68d3a0 118597->118599 120410 60c640 32 API calls 118598->120410 118600 68d3a9 118599->118600 118603 68d5b4 118599->118603 118611 5cc59d 118610->118611 118619 5cc512 118610->118619 118612 5cc5c8 118611->118612 118613 5cc700 118611->118613 118617 5cc750 118619->118611 118619->118617 118620 5cc603 118619->118620 120461 60c5e0 118619->120461 118655 5c65bc 118654->118655 118656 5c65f5 118654->118656 118658 624ad0 36 API calls 118655->118658 118661 5c65df 118655->118661 120588 60c640 32 API calls 118656->120588 118658->118661 118676 5cc512 118672->118676 118715 5cc61f 118672->118715 118673 5cc59d 118676->118673 118678 60c5e0 37 API calls 118676->118678 118681 5cc750 118676->118681 118686 5cc603 118676->118686 118678->118676 118686->118715 118715->118419 118717 5cc700 118716->118717 118721 5cc4d1 118716->118721 118761 63b415 118760->118761 118763 63b448 118760->118763 118761->118763 118789 532b06 118788->118789 118790 532ac6 118788->118790 118789->118419 118790->118789 120748 532780 118790->120748 120801 50a2e0 118792->120801 118796 5cc461 118795->118796 118797 5cc442 118795->118797 120809 6220f0 118796->120809 120853 60c640 32 API calls 118797->120853 118806 62d59f 118805->118806 118811 62d21a 118805->118811 118807 64c280 15 API calls 118806->118807 118808 62c715 118808->118419 118811->118808 120952 62b100 118811->120952 118817 64d2dc 118816->118817 118818 64d531 118817->118818 118819 64d2e8 118817->118819 118909 61afaa 118908->118909 118911 61afd1 118908->118911 121050 60c640 32 API calls 118909->121050 118912 61afc6 118911->118912 118913 631a00 36 API calls 118911->118913 118912->118419 118923 5c20b5 118922->118923 118924 5c20e0 118922->118924 118925 5c20be 118923->118925 118926 5c225f 118923->118926 121090 60c640 32 API calls 118924->121090 121284 5079f0 118934->121284 118938 5cc5b4 118937->118938 118939 5cc5c8 118938->118939 118940 5cc700 118938->118940 118980 5cd818 118979->118980 119011 5cd886 118979->119011 119023 569e39 119022->119023 119027 54fe79 119026->119027 121379 63d710 119048->121379 119052 5c2486 119051->119052 119053 5c2540 119051->119053 119054 5c248c 119052->119054 119055 5c24c5 119052->119055 121398 60c640 32 API calls 119053->121398 119066 625bba 119065->119066 119092 625bd0 119065->119092 119067 635de0 32 API calls 119066->119067 119067->119092 119069 625bd4 119069->118419 119070 670440 14 API calls 119070->119092 119077 654e40 18 API calls 119077->119092 119078 654f10 17 API calls 119078->119092 119088 626400 isalpha 119088->119092 119089 6411b0 25 API calls 119089->119092 119090 630780 14 API calls 119090->119092 119091 626236 119092->119069 119092->119070 119092->119077 119092->119078 119092->119088 119092->119089 119092->119090 119092->119091 119095 5bec10 14 API calls 119092->119095 121399 654f10 119092->121399 121407 651c50 119092->121407 121411 621bb0 119092->121411 121469 651770 memcpy 119092->121469 121470 651770 memcpy 119092->121470 121471 60c640 32 API calls 119092->121471 121472 640d00 16 API calls 119092->121472 121473 60e500 41 API calls 119092->121473 121476 6206a0 44 API calls 119092->121476 121477 624ca0 36 API calls 119092->121477 119104 5c59a3 119102->119104 119108 5c57a3 119102->119108 121616 6411b0 25 API calls 119104->121616 119106 5c58a7 119106->118419 119108->119104 119108->119106 119109 5c5971 119108->119109 119110 5c58c1 119108->119110 119116 5c5860 119108->119116 121607 5baf70 119108->121607 119109->119106 119123 5cdda9 119122->119123 119132 5cdd23 119122->119132 119125 5cddae 119123->119125 119126 5cde00 119123->119126 119124 60c5e0 37 API calls 119124->119132 119129 5cddc5 119129->118419 119132->119123 119132->119124 119132->119129 119133 632530 4 API calls 119132->119133 119133->119132 119135 569530 119134->119135 119138 569550 119134->119138 121734 569090 119135->121734 119138->118419 119153 5cc512 119139->119153 119140 5cc59d 119142 5cc750 119145 60c5e0 37 API calls 119145->119153 119149 5cc603 119153->119140 119153->119142 119153->119145 119153->119149 119184 60b440 119183->119184 119188 60aaf6 119183->119188 121783 60c640 32 API calls 119184->121783 119187 60c5e0 37 API calls 119187->119188 119188->119187 119191 60abb7 119188->119191 119196 60ae8c 119188->119196 119191->119184 119245 62d2b0 119244->119245 119247 62ceba 119244->119247 119271 5c35fd 119270->119271 119272 5c35f7 119270->119272 119272->119271 119296 50d228 119295->119296 119297 50eae2 119296->119297 119298 50e358 SendMessageA 119296->119298 119300 50cc7d 119296->119300 119298->119300 119300->118419 119306 4e2150 119305->119306 119307 4e215c 119306->119307 119312 4e2083 119306->119312 119321 526490 strcmp 119320->119321 119322 4fc428 119321->119322 119333 4e214a 119332->119333 119334 4e2173 119332->119334 119335 4e215c 119333->119335 119338 4e2083 119333->119338 119354 4e2083 119347->119354 119348 5bd0b0 16 API calls 119348->119354 119349 4e1fb3 119352 5bd0f0 18 API calls 119352->119354 119354->119348 119354->119349 119354->119352 119359 5c2c59 119358->119359 119360 5c27f5 119358->119360 121903 5c17e0 119359->121903 121917 60c640 32 API calls 119360->121917 119369 4e3e60 119368->119369 119370 4e3d63 119368->119370 119369->118419 119371 4e3dc1 119370->119371 119373 5bc5f0 713 API calls 119370->119373 119371->118419 119375 61b130 119374->119375 119376 61b103 119374->119376 119378 61b150 119375->119378 121983 615010 119375->121983 121999 60c640 32 API calls 119376->121999 119378->118419 119386 61bf62 119385->119386 119398 61bdef 119385->119398 122016 60c640 32 API calls 119386->122016 119389 61be2d 119394 61bf49 119394->118419 119396 64c280 15 API calls 119396->119398 119398->119389 119398->119394 119398->119396 119400 5bec10 14 API calls 119398->119400 119401 630780 14 API calls 119398->119401 119406 644b00 26 API calls 119398->119406 119400->119398 119401->119398 119406->119398 119410 5bd193 119409->119410 119411 5bd230 119409->119411 119412 60c5e0 37 API calls 119410->119412 122020 60c640 32 API calls 119411->122020 119454 5c27fc 119453->119454 119455 5c2df5 119453->119455 122033 60c640 32 API calls 119454->122033 119457 637580 88 API calls 119455->119457 119462 69422c 119461->119462 119463 69421f 119461->119463 122041 640d00 16 API calls 119462->122041 119463->119462 119464 69424c 119463->119464 119469 5c27f5 119468->119469 119470 5c2865 119468->119470 122061 60c640 32 API calls 119469->122061 122052 5c0d90 119470->122052 119475 61a714 119474->119475 119476 61a86a 119474->119476 119478 61a860 119475->119478 119482 61a739 119475->119482 119483 61a77d 119475->119483 122071 60c640 32 API calls 119476->122071 119478->119476 119478->119483 119482->119483 119513 5c29d9 119512->119513 119514 5c27f5 119512->119514 119523 51a279 119522->119523 119552 63f18e 119537->119552 119538 63f449 119567 63f46b 119538->119567 119540 63f1df 119540->119538 119542 63f1ea memset 119540->119542 119552->119538 119552->119540 119552->119542 119557 63f682 119552->119557 119552->119567 119567->118419 119574 65b089 119573->119574 119577 65b0a0 119573->119577 122124 60c640 32 API calls 119574->122124 122097 65a990 119577->122097 119581 539cc3 119579->119581 119588 539e6e 119579->119588 119580 53a0d0 119580->119588 119581->119580 119582 539d05 strcmp 119581->119582 119582->119581 119588->118419 119591 61ada0 119590->119591 119594 61add0 119590->119594 122277 60c640 32 API calls 119591->122277 119595 61ae40 119594->119595 119596 61ae02 119594->119596 119599 61ae79 119594->119599 119596->119599 119612 5c2dcc 119611->119612 119613 5c27f5 119611->119613 119614 5c0d90 89 API calls 119612->119614 122303 60c640 32 API calls 119613->122303 119627 6283e0 119617->119627 119676 628ed5 119617->119676 119619 628859 119621 628efb 119622 624ad0 36 API calls 119622->119627 119623 644120 17 API calls 119623->119627 119624 624a40 36 API calls 119624->119627 119626 628f26 119627->119619 119627->119621 119627->119622 119627->119623 119627->119624 119627->119626 119628 630780 14 API calls 119627->119628 119629 5bec10 14 API calls 119627->119629 119630 6284d5 strncmp 119627->119630 119631 630910 17 API calls 119627->119631 119632 62858f 119627->119632 119633 624900 15 API calls 119627->119633 119634 6416e0 36 API calls 119627->119634 119635 629240 119627->119635 119639 6292e8 119627->119639 119642 628d07 qsort 119627->119642 119643 628a61 119627->119643 119648 64c280 15 API calls 119627->119648 119650 629213 119627->119650 119653 644f30 20 API calls 119627->119653 119654 624b40 36 API calls 119627->119654 119658 6411b0 25 API calls 119627->119658 119664 63cc80 16 API calls 119627->119664 119665 5ba6b0 708 API calls 119627->119665 119666 640fa0 17 API calls 119627->119666 119667 628ec0 119627->119667 119671 628ec8 119627->119671 119672 62913e 119627->119672 119679 624d10 36 API calls 119627->119679 122304 63cd70 14 API calls 119627->122304 122306 5f24b0 20 API calls 119627->122306 119628->119627 119629->119627 119630->119627 119631->119627 119633->119627 119634->119627 119642->119627 119648->119627 119653->119627 119654->119627 119658->119627 119664->119627 119665->119627 119666->119627 122308 60c640 32 API calls 119676->122308 119679->119627 119690 5cc64d 119689->119690 119691 5cc5b4 119689->119691 119701 5cc676 119690->119701 122313 655840 26 API calls 119690->122313 119692 5cc5c8 119691->119692 119693 5cc700 119691->119693 119736 61b1b2 119735->119736 119738 61b1d5 119735->119738 119752 5c299b 119751->119752 119753 5c27f5 119751->119753 119758 68d2fb 119757->119758 119759 68d4d0 119757->119759 119774 5cd7c5 119773->119774 119775 5cd756 119773->119775 119783 523087 119782->119783 119783->119783 119787 60d030 119786->119787 119788 60ce85 memcpy memcpy 119786->119788 119813->118389 119814->118408 119816->118497 119817->118502 119818->118503 119822 641680 119819->119822 119831 6306d0 119822->119831 119832 64c280 15 API calls 119831->119832 119833 6306d9 119832->119833 121050->118912 121380 63d74b 121379->121380 121469->119092 121471->119092 121473->119092 121476->119092 121477->119092 122124->119577 122304->119627 122306->119627 122308->119621 122313->119701 122491 630910 17 API calls 122490->122491 122492 4e1586 122491->122492 122493 624b40 36 API calls 122492->122493 122494 4e159b 122493->122494 122495 624b40 36 API calls 122494->122495 122496 4e15ab 122495->122496 122496->118227 122497->118239 122499 6324a3 __iob_func 122498->122499 122500 63247a 122498->122500 122501 6e9708 122499->122501 122500->118164 122502 632508 __iob_func 122501->122502 122503 6e9700 122502->122503 122504 632519 __iob_func 122503->122504 122505 6e9710 122504->122505 122506 632525 abort 122505->122506 122507 632530 122506->122507 122507->118164 122517 611ebf 122508->122517 122509 6120fb 122510 644690 16 API calls 122509->122510 122511 61212a 122510->122511 122512 61213c 122511->122512 122513 644690 16 API calls 122511->122513 122533 6112f0 memcpy memcpy 122512->122533 122514 6122a4 122513->122514 122514->122512 122535 6444f0 18 API calls 122514->122535 122516 6122e2 122524 632530 4 API calls 122516->122524 122517->122509 122517->122512 122517->122516 122520 6120af memcpy 122517->122520 122523 611f19 122517->122523 122519 612181 122519->122516 122522 612198 122519->122522 122525 612218 122519->122525 122521 6120d6 122520->122521 122526 611e70 21 API calls 122521->122526 122534 6112f0 memcpy memcpy 122522->122534 122523->118061 122524->122525 122525->122523 122536 6112f0 memcpy memcpy 122525->122536 122526->122509 122529 6123a9 122530->118061 122531->118056 122532->118061 122533->122519 122534->122525 122535->122512 122536->122529 122537->118077 122539 644940 122538->122539 122540 64483b 122538->122540 122541 64488b 122539->122541 122542 644949 strlen 122539->122542 122540->122541 122543 644960 122540->122543 122544 64484f 122540->122544 122541->118114 122542->122543 122545 632530 4 API calls 122543->122545 122548 6448f0 122544->122548 122550 6448b5 122544->122550 122553 64485a memcpy 122544->122553 122546 644976 122545->122546 122549 644690 16 API calls 122548->122549 122552 6448cb 122549->122552 122551 644690 16 API calls 122550->122551 122551->122552 122552->122553 122556 6444f0 18 API calls 122552->122556 122553->122541 122555->118115 122556->122553 122558->118124 122559->118126 122560->118126 122561 6102e0 122565 6109ba 122561->122565 122573 6102e9 122561->122573 122562 610a63 sprintf 122564 610a43 122562->122564 122563 610172 122564->122562 122568 610a87 122564->122568 122565->122563 122566 630780 14 API calls 122565->122566 122566->122563 122567 6108b4 122567->122564 122571 6108d1 122567->122571 122569 644120 17 API calls 122568->122569 122572 610a94 122569->122572 122570 60c5e0 37 API calls 122570->122573 122578 60e7c0 122571->122578 122573->122563 122573->122564 122573->122567 122573->122570 122575 6108e1 122575->122565 122576 6108ea 122575->122576 122614 640dd0 14 API calls 122576->122614 122579 624ad0 36 API calls 122578->122579 122580 60e7e6 122579->122580 122581 624900 15 API calls 122580->122581 122588 60e82b 122580->122588 122593 60ea92 122580->122593 122582 60e808 122581->122582 122753 60d100 41 API calls 122582->122753 122584 60e816 122587 60eaa3 122584->122587 122584->122588 122585 60ea70 122795 6411b0 25 API calls 122585->122795 122586 60e881 122615 5b8c00 122586->122615 122591 630780 14 API calls 122587->122591 122588->122585 122588->122586 122588->122593 122594 60ea47 122591->122594 122593->122575 122597 630780 14 API calls 122594->122597 122602 60e96e 122594->122602 122597->122602 122602->122575 122614->122563 122796 5fb0e0 122615->122796 122753->122584 122795->122593 122797 5fb0ee 122796->122797 122798 5fb120 122796->122798 122800 5fb0f8 122797->122800 122816 670290 122797->122816 122799 632530 4 API calls 122798->122799 122799->122797 122819 670270 GetCurrentThreadId 122800->122819 122804 62ed5b 122806 670440 14 API calls 122804->122806 122808 62ed6a 122806->122808 122817 67029f InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 122816->122817 122818 6702cb 122816->122818 122817->122818 122819->122804 122868 670d61 122869 670ea5 122868->122869 122870 670d7d 122868->122870 122872 670290 3 API calls 122869->122872 122871 670d87 _ftime64 122870->122871 122874 670dba EnterCriticalSection QueryPerformanceCounter 122870->122874 122873 670da5 122871->122873 122879 670eaa 122872->122879 122876 670e26 LeaveCriticalSection 122874->122876 122877 670ee3 LeaveCriticalSection 122874->122877 122875 670ec0 QueryPerformanceFrequency 122878 670ef5 7 API calls 122875->122878 122875->122879 122876->122873 122877->122871 122878->122879 122880 6709d0 GetSystemTimeAsFileTime QueryPerformanceCounter QueryPerformanceFrequency 122878->122880 122879->122875 122881 670a42 122880->122881 122881->122881 122882 670a5f SetEvent 122881->122882 122883 670ab0 122882->122883 122884 670c90 122883->122884 122885 670ab8 WaitForSingleObjectEx 122883->122885 122887 670c6a LeaveCriticalSection 122883->122887 122885->122884 122886 670ad8 QueryPerformanceCounter GetSystemTimeAsFileTime EnterCriticalSection 122885->122886 122886->122883 122886->122884 122887->122883 122888 668d20 122919 622860 122888->122919 122920 5ff698 122921 5ff6c1 122920->122921 122922 6021a5 122920->122922 122923 624ad0 36 API calls 122921->122923 122925 5ff6de 122923->122925 122924 6021a0 122926 64c280 15 API calls 122924->122926 122925->122922 122925->122924 122938 5fe3cf 122925->122938 122926->122922 122928 631460 15 API calls 122928->122938 122929 5f2220 20 API calls 122929->122938 122930 630910 17 API calls 122930->122938 122931 64c3c0 14 API calls 122931->122938 122933 630780 14 API calls 122933->122938 122934 60627a 122943 64c3c0 14 API calls 122934->122943 122936 657fe0 38 API calls 122936->122938 122937 6062a3 122938->122928 122938->122929 122938->122930 122938->122931 122938->122933 122938->122934 122938->122936 122939 64c280 15 API calls 122938->122939 122940 632530 4 API calls 122938->122940 122941 5f24b0 20 API calls 122938->122941 122942 5fc1b0 36 API calls 122938->122942 122939->122938 122940->122938 122941->122938 122942->122938 122943->122937 122944 585110 GetWindowLongPtrA 122946 58513e 122944->122946 122949 585190 122944->122949 122945 585165 DefWindowProcA 122946->122945 122947 5851c0 GetSysColor 122950 5882b0 sprintf 122947->122950 122949->122945 122949->122946 122949->122947 122950->122949 122951 684e60 122955 683c7a 122951->122955 122957 684237 122951->122957 122952 684212 malloc 122952->122957 122953 685000 memcpy 122953->122957 122954 6842f6 memcpy 122956 685081 memcpy 122954->122956 122954->122957 122956->122957 122957->122952 122957->122953 122957->122954 122957->122955 122957->122956 122958 5fad50 122959 5bec10 14 API calls 122958->122959 122960 5fad66 122959->122960 122961 640fa0 17 API calls 122960->122961 122962 5fad71 122961->122962 122963 641e20 22 API calls 122962->122963 122964 5fad81 122963->122964 122965 5fadb1 122964->122965 122974 64d090 14 API calls 122964->122974 122967 640a30 15 API calls 122965->122967 122970 6413f4 122967->122970 122968 641560 122969 641484 122970->122968 122971 630780 14 API calls 122970->122971 122972 64144f 122970->122972 122971->122972 122972->122969 122973 630780 14 API calls 122972->122973 122973->122969 122974->122965 122975 50b600 122976 50b640 122975->122976 122983 50ba55 122975->122983 122977 50b646 122976->122977 122978 50b6d0 122976->122978 122979 50b661 122977->122979 122984 50b845 122977->122984 122995 50b6e4 122977->122995 122980 50bc0f 122978->122980 122987 50b6bf 122978->122987 122978->122995 122982 50b676 122979->122982 122979->122995 123009 59ae00 122980->123009 122981 50bcd2 123038 5a0300 122981->123038 122982->122987 122989 50b68e IsWindowVisible 122982->122989 122983->122987 122993 50bdc6 GetClientRect 122983->122993 122984->122987 122988 50bc50 6 API calls 122984->122988 122986 50b7a3 122986->122981 122986->122987 122990 50b802 122986->122990 123001 50b7d9 SendMessageA 122986->123001 122988->122981 122991 50bd70 GetWindowPlacement 122989->122991 122992 50b6a7 122989->122992 122990->122987 123002 50bd60 SetFocus 122990->123002 123003 50b973 122990->123003 122991->122992 122999 50bd94 122991->122999 122992->122987 123005 506230 ShowWindow 122992->123005 123037 505ea0 122993->123037 122995->122981 122995->122983 122995->122986 122995->122987 122998 50be0e MoveWindow 122998->122987 122999->122983 122999->122993 123035 506100 ShowWindow 122999->123035 123001->122987 123001->122990 123002->122987 123004 510ff0 44 API calls 123003->123004 123004->122987 123006 5062aa 123005->123006 123007 50626b 123005->123007 123006->122987 123060 4e4e40 17 API calls 123007->123060 123010 59b076 123009->123010 123011 59ae20 SystemParametersInfoA 123009->123011 123012 59afb0 123011->123012 123013 59ae64 SystemParametersInfoA 123011->123013 123016 59a210 22 API calls 123012->123016 123014 59ae8b GetDC GetDeviceCaps MulDiv MulDiv ReleaseDC 123013->123014 123015 59b054 123013->123015 123061 59a210 CreateFontIndirectA 123014->123061 123018 59a210 22 API calls 123015->123018 123019 59afcc 123016->123019 123018->123010 123021 59a210 22 API calls 123019->123021 123020 59af74 123023 59af80 GetStockObject 123020->123023 123028 59afa1 123020->123028 123022 59afe1 123021->123022 123024 59a210 22 API calls 123022->123024 123064 59a1a0 123023->123064 123026 59aff6 123024->123026 123027 59a210 22 API calls 123026->123027 123029 59b00f 123027->123029 123028->122987 123030 59a210 22 API calls 123029->123030 123031 59b028 123030->123031 123032 59a210 22 API calls 123031->123032 123033 59b03e 123032->123033 123034 59a210 22 API calls 123033->123034 123034->123015 123036 50613c 123035->123036 123036->122983 123037->122998 123039 5a0334 123038->123039 123040 5a03c0 123039->123040 123041 5a0341 123039->123041 123045 54fda0 33 API calls 123040->123045 123051 5a0353 123040->123051 123042 5a034d 123041->123042 123043 5a0455 123041->123043 123047 54fda0 33 API calls 123042->123047 123042->123051 123044 54fda0 33 API calls 123043->123044 123046 5a045d 123044->123046 123054 5a05e5 123045->123054 123048 5a0939 123046->123048 123046->123051 123056 5a046f 123046->123056 123050 5a0561 123047->123050 123048->123051 123105 59e300 10 API calls 123048->123105 123050->123051 123052 5a0973 123050->123052 123053 5a05a4 123050->123053 123051->122990 123057 59d6c0 6 API calls 123052->123057 123103 59e300 10 API calls 123053->123103 123054->123051 123058 5a0658 strcmp 123054->123058 123056->123051 123104 59e240 10 API calls 123056->123104 123057->123051 123058->123051 123058->123054 123060->123006 123062 59a1a0 20 API calls 123061->123062 123063 59a241 DeleteObject 123062->123063 123063->123020 123065 59a1c5 123064->123065 123070 599f90 123065->123070 123067 59a1d6 123083 599550 123067->123083 123071 599fba 123070->123071 123072 599fbe GetDC SelectObject GetTextMetricsA 123070->123072 123071->123072 123073 599ff1 123072->123073 123074 59a00f GetTextFaceA 123073->123074 123075 59a180 GetTextFaceW 123073->123075 123078 59a045 123074->123078 123076 59a190 GetCharWidthW 123075->123076 123077 59a141 SelectObject ReleaseDC 123076->123077 123077->123067 123087 5999b0 123078->123087 123081 59a101 123081->123076 123082 59a13b GetCharWidthA 123081->123082 123082->123077 123084 59959b 123083->123084 123086 599567 123083->123086 123084->123020 123085 599572 DeleteObject 123085->123086 123086->123084 123086->123085 123088 5999ee 123087->123088 123089 599a21 GetTextFaceA 123088->123089 123090 599df0 GetTextFaceW 123088->123090 123095 599a4c 123089->123095 123091 599e00 123090->123091 123092 599e12 GetFontData 123091->123092 123093 599f06 GetTextCharset 123092->123093 123101 599b48 123092->123101 123093->123101 123094 599bc3 GetFontData 123094->123101 123096 599a92 123095->123096 123097 599abc memset 123095->123097 123096->123081 123098 599af9 123097->123098 123098->123091 123100 599b16 GetFontData 123098->123100 123099 599c1f GetFontData 123099->123101 123100->123093 123100->123101 123101->123094 123101->123099 123102 599d45 GetFontData GetFontData 123101->123102 123102->123101 123103->123046 123104->123051 123105->123051 123106 6af6fc 123107 6af7c8 123106->123107 123114 6accfc 123107->123114 123109 6af7e1 123118 6adb64 123109->123118 123111 6af80c 123113 6af8dd 123111->123113 123122 6b1f40 123111->123122 123115 6acd1b 123114->123115 123117 6acd25 123114->123117 123128 6ef500 malloc 123115->123128 123117->123109 123119 6adb7f 123118->123119 123121 6adb9b 123119->123121 123137 6ef370 123119->123137 123121->123111 123123 6b1f85 123122->123123 123125 6b1fbd 123123->123125 123141 6a7598 123123->123141 123125->123113 123126 6b1ff9 memcpy 123127 6b1fda 123126->123127 123127->123125 123127->123126 123129 6ef53a 123128->123129 123130 6ef521 123128->123130 123129->123117 123131 6ef52b malloc 123130->123131 123133 6ef540 123130->123133 123131->123129 123131->123130 123136 6f03c0 abort abort abort 123133->123136 123135 6ef56e 123136->123135 123138 6ef3ce 123137->123138 123139 6ef500 5 API calls 123138->123139 123140 6ef3e3 123139->123140 123140->123121 123142 6a75b0 123141->123142 123143 6a75ef 123142->123143 123144 6ef370 5 API calls 123142->123144 123143->123127 123144->123143 123145 656e3d 123150 656e46 123145->123150 123147 657385 123155 64c3c0 14 API calls 123147->123155 123149 657318 123151 630780 14 API calls 123149->123151 123150->123147 123152 656f23 123150->123152 123153 656f48 123150->123153 123154 63ce90 14 API calls 123150->123154 123151->123153 123152->123147 123152->123149 123152->123153 123155->123153 123156 5a0bc0 123157 5a0300 50 API calls 123156->123157 123158 5a0bfa 123157->123158 123159 5a0bfe 123158->123159 123160 5a0c10 DefWindowProcA 123158->123160 123161 69a3b3 123166 694780 123161->123166 123163 69a3c6 123164 68d866 14 API calls 123163->123164 123165 69a49f 123164->123165 123167 69482f 123166->123167 123193 6944ea 123167->123193 123169 694864 123170 6948b4 123169->123170 123172 694b1d 123169->123172 123197 693f6a 123169->123197 123173 6306d0 15 API calls 123170->123173 123174 6948d3 123170->123174 123172->123163 123177 694920 123173->123177 123175 694b35 123174->123175 123191 694997 123174->123191 123176 694b48 123175->123176 123187 694c1c 123175->123187 123204 691a72 20 API calls 123176->123204 123201 6eccd0 14 API calls 123177->123201 123180 694b84 123182 694be9 123180->123182 123184 694ba7 123180->123184 123206 694032 15 API calls 123182->123206 123205 631490 __iob_func __iob_func __iob_func abort 123184->123205 123187->123172 123189 631460 15 API calls 123187->123189 123207 691a72 20 API calls 123187->123207 123208 694032 15 API calls 123187->123208 123189->123187 123191->123172 123192 631460 15 API calls 123191->123192 123202 69408c 17 API calls 123191->123202 123203 694032 15 API calls 123191->123203 123192->123191 123194 694599 123193->123194 123209 69445a 123194->123209 123196 6945bd 123196->123169 123198 693f94 123197->123198 123200 693fc0 123197->123200 123199 60c5e0 37 API calls 123198->123199 123199->123200 123200->123170 123201->123174 123202->123191 123203->123191 123204->123180 123205->123172 123206->123172 123207->123187 123208->123187 123212 691f7d 123209->123212 123211 694481 123211->123196 123213 68d7f0 14 API calls 123212->123213 123214 691f96 123213->123214 123215 691ff8 123214->123215 123216 691fec 123214->123216 123227 6920f7 16 API calls 123214->123227 123220 630a00 15 API calls 123215->123220 123225 69208f 123215->123225 123228 691ebe 14 API calls 123216->123228 123219 68d866 14 API calls 123221 6920ec 123219->123221 123222 692039 123220->123222 123221->123211 123229 690aa8 7 API calls 123222->123229 123224 69206b 123224->123225 123226 692081 atoi 123224->123226 123225->123219 123226->123225 123227->123216 123228->123215 123229->123224 123230 5fdf43 123231 5fdf6c 123230->123231 123232 60291f 123230->123232 123233 60124c 123231->123233 123237 5b9ea0 713 API calls 123231->123237 123241 60116e 123231->123241 123235 630780 14 API calls 123232->123235 123238 60296f 123232->123238 123234 64c280 15 API calls 123233->123234 123234->123232 123235->123238 123240 5fdfeb 123237->123240 123289 64c3c0 14 API calls 123238->123289 123239 60323b 123240->123241 123254 601027 123240->123254 123257 5fe047 123240->123257 123242 640fa0 17 API calls 123241->123242 123243 60123f 123242->123243 123245 64c280 15 API calls 123243->123245 123244 6010f8 123245->123233 123246 6011d7 123287 64c3c0 14 API calls 123246->123287 123247 5feae9 123247->123246 123248 5feb8b 123247->123248 123279 5fcab1 123247->123279 123253 630780 14 API calls 123248->123253 123249 630780 14 API calls 123249->123254 123250 5fe0dd 123250->123247 123250->123254 123253->123279 123254->123244 123254->123249 123261 64c280 15 API calls 123254->123261 123288 64c3c0 14 API calls 123254->123288 123255 600f6f 123256 632530 4 API calls 123255->123256 123259 600f7b 123256->123259 123257->123247 123257->123250 123257->123254 123260 630780 14 API calls 123257->123260 123257->123279 123286 64c3c0 14 API calls 123257->123286 123262 644120 17 API calls 123259->123262 123260->123257 123261->123254 123263 600f95 123262->123263 123285 640dd0 14 API calls 123263->123285 123264 5fcf50 123266 5fd220 123274 630780 14 API calls 123266->123274 123281 5fd22f 123266->123281 123267 600fa5 123269 6416e0 36 API calls 123267->123269 123268 5fd0c5 123283 64c3c0 14 API calls 123268->123283 123270 600fd0 123269->123270 123272 630780 14 API calls 123272->123279 123273 5fd274 123276 5fd30c 123273->123276 123277 5fd2cc __iob_func fprintf 123273->123277 123274->123266 123275 64c3c0 14 API calls 123275->123279 123278 632530 4 API calls 123277->123278 123278->123276 123279->123255 123279->123264 123279->123266 123279->123268 123279->123272 123279->123275 123280 630780 14 API calls 123280->123281 123281->123273 123281->123280 123284 64c3c0 14 API calls 123281->123284 123283->123264 123284->123281 123285->123267 123286->123257 123287->123279 123288->123254 123289->123239 123290 69a434 123295 695f54 123290->123295 123292 69a447 123293 68d866 14 API calls 123292->123293 123294 69a49f 123293->123294 123296 696002 123295->123296 123297 693f6a 37 API calls 123296->123297 123298 696038 123297->123298 123299 6961ba 123298->123299 123301 696047 123298->123301 123303 696079 123298->123303 123300 630a00 15 API calls 123299->123300 123300->123301 123301->123292 123302 69408c 17 API calls 123302->123303 123303->123301 123303->123302 123304 4e14d0 123309 6e19f0 123304->123309 123306 4e14e6 123313 4e11b0 123306->123313 123308 4e14eb 123310 6e1a19 123309->123310 123311 6e1a30 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 123309->123311 123310->123306 123312 6e1a8d 123311->123312 123312->123306 123314 4e1490 GetStartupInfoA 123313->123314 123315 4e11e5 123313->123315 123329 4e1411 123314->123329 123316 4e120d Sleep 123315->123316 123317 4e1222 123315->123317 123316->123315 123318 4e145c _initterm 123317->123318 123319 4e1255 123317->123319 123317->123329 123318->123319 123330 6e1ff0 123319->123330 123321 4e127d SetUnhandledExceptionFilter 123360 6e24a0 123321->123360 123323 4e1336 malloc 123324 4e1364 123323->123324 123323->123329 123325 4e1370 strlen malloc memcpy 123324->123325 123325->123325 123327 4e13a2 123325->123327 123326 4e1299 123326->123323 123328 4e1406 _cexit 123327->123328 123327->123329 123328->123329 123329->123308 123331 6e200b 123330->123331 123334 6e2020 123330->123334 123331->123321 123332 6e2144 123332->123331 123353 6e2193 VirtualQuery 123332->123353 123333 6e22dd 123368 6e1e10 13 API calls 123333->123368 123334->123331 123334->123332 123334->123333 123339 6e220e 123334->123339 123346 6e2290 123334->123346 123336 6e22e9 123337 6e22fd 123336->123337 123338 6e2360 123336->123338 123342 6e237f signal 123337->123342 123343 6e2304 123337->123343 123340 6e236b 123338->123340 123341 6e2430 123338->123341 123366 6e1e10 13 API calls 123339->123366 123344 6e236d 123340->123344 123345 6e23b0 123340->123345 123351 6e2449 signal 123341->123351 123357 6e2341 123341->123357 123347 6e2408 signal 123342->123347 123342->123357 123343->123345 123349 6e23f7 123343->123349 123352 6e2315 123343->123352 123344->123342 123344->123349 123345->123349 123350 6e23be signal 123345->123350 123367 6e1e10 13 API calls 123346->123367 123347->123349 123349->123321 123354 6e246a signal 123350->123354 123350->123357 123351->123357 123352->123349 123355 6e232b signal 123352->123355 123353->123346 123356 6e21ac VirtualProtect 123353->123356 123354->123357 123355->123357 123359 6e2480 signal 123355->123359 123356->123332 123357->123321 123359->123357 123361 6e24af 123360->123361 123363 6e24dc 123361->123363 123369 6e2a50 strncmp 123361->123369 123363->123326 123364 6e24d7 123364->123363 123365 6e2570 RtlAddFunctionTable 123364->123365 123365->123363 123366->123346 123367->123333 123368->123336 123369->123364 123370 6968b6 123371 630a00 15 API calls 123370->123371 123373 6968dc 123371->123373 123372 696924 123373->123372 123374 619750 713 API calls 123373->123374 123375 69697d 123374->123375 123375->123372 123377 6a5c26 123375->123377 123378 6a5cc7 123377->123378 123387 6c8298 123378->123387 123380 6a5cdd 123382 6a5ce8 123380->123382 123407 6a8010 123380->123407 123382->123372 123383 6a5d08 123411 6a5258 123383->123411 123385 6a5d44 123419 6a8fba 123385->123419 123388 6c82ae 123387->123388 123423 68e9e2 123388->123423 123389 6c838c 123390 6ef500 5 API calls 123389->123390 123391 6c83ba 123389->123391 123392 6c83ed 123390->123392 123391->123380 123426 6a64ba 123392->123426 123394 6c8408 123395 6ef500 5 API calls 123394->123395 123396 6c8582 123395->123396 123397 6ef500 5 API calls 123396->123397 123398 6c85c7 123397->123398 123430 6c0dc6 abort abort abort malloc malloc 123398->123430 123400 6c8605 123401 6b1f40 6 API calls 123400->123401 123405 6c864f 123400->123405 123402 6c86be 123401->123402 123431 6c1d74 123402->123431 123437 6b0bc2 123405->123437 123408 6a80b1 123407->123408 123409 6ef500 5 API calls 123408->123409 123410 6a80e2 123408->123410 123409->123410 123410->123383 123412 6a5302 123411->123412 123466 6a55dc 123412->123466 123414 6a542c 123414->123385 123415 6a531a 123415->123414 123416 6ef500 5 API calls 123415->123416 123417 6a53ce 123416->123417 123472 6c15a2 abort abort abort malloc malloc 123417->123472 123421 6a9067 123419->123421 123420 6a9113 123420->123382 123421->123420 123475 6ecda0 123421->123475 123443 614b80 123423->123443 123427 6a6557 123426->123427 123428 6ef370 5 API calls 123427->123428 123429 6a65a4 123428->123429 123429->123394 123430->123400 123433 6c1e2d 123431->123433 123432 6c1f64 123432->123405 123433->123432 123434 6ef500 5 API calls 123433->123434 123435 6c1f1c 123434->123435 123446 6c15a2 abort abort abort malloc malloc 123435->123446 123438 6b0c59 123437->123438 123447 6b0f06 123438->123447 123442 6b0c84 123442->123391 123444 6115c0 15 API calls 123443->123444 123445 614ba1 123444->123445 123445->123389 123446->123432 123448 6b0f1e 123447->123448 123452 6eb3c0 123448->123452 123451 6b1d9c 7 API calls 123451->123442 123453 6eb3dd 123452->123453 123456 6a7792 123453->123456 123457 6a77c7 123456->123457 123461 6a77f4 123456->123461 123459 6a77fb 123457->123459 123460 6a77df 123457->123460 123458 6a7877 123458->123451 123463 6a7801 free 123459->123463 123464 6a7817 realloc 123459->123464 123460->123461 123462 6a77e5 malloc 123460->123462 123461->123458 123465 6a7866 memset 123461->123465 123462->123461 123463->123461 123464->123461 123465->123458 123467 6a5683 123466->123467 123471 6a569b 123467->123471 123473 6a47cc abort abort abort malloc malloc 123467->123473 123469 6a56db 123474 6b02ac abort abort abort malloc malloc 123469->123474 123471->123415 123472->123414 123473->123469 123474->123471 123476 6ecdc3 123475->123476 123479 6ac88e 123476->123479 123478 6ecdeb 123478->123421 123480 6ac955 123479->123480 123481 6acadf 123480->123481 123485 6adcfc 123480->123485 123482 6acbe3 123481->123482 123484 6adb64 5 API calls 123481->123484 123482->123478 123484->123481 123486 6adda6 123485->123486 123487 6adb64 5 API calls 123486->123487 123488 6addca 123487->123488 123488->123480 123489 6008c0 123490 640410 77 API calls 123489->123490 123491 6008da 123490->123491 123492 600909 123491->123492 123494 640660 47 API calls 123491->123494 123493 640fa0 17 API calls 123492->123493 123495 6022eb 123493->123495 123494->123492 123496 525bb0 123497 525bb8 123496->123497 123499 525971 123497->123499 123500 530640 123497->123500 123502 530674 123500->123502 123501 530746 123508 5306fd 123501->123508 123511 59b440 123501->123511 123502->123501 123507 5308ea 123502->123507 123502->123508 123504 530b97 strchr 123506 530baa isspace 123504->123506 123504->123507 123506->123507 123507->123504 123507->123508 123510 530949 123507->123510 123523 530230 atoi atoi strcmp 123507->123523 123508->123499 123509 5843d0 strcmp 123509->123510 123510->123508 123510->123509 123512 59b44a 123511->123512 123513 59b453 GetDC 123511->123513 123512->123508 123515 59b4ca 123513->123515 123516 59b686 GetTextExtentPoint32W 123515->123516 123518 59b930 ReleaseDC 123515->123518 123522 59b861 123515->123522 123517 59b6c4 123516->123517 123517->123518 123520 59b6e0 123517->123520 123518->123522 123521 59b83b ReleaseDC 123520->123521 123520->123522 123521->123522 123522->123508 123523->123507 123524 63ad80 123525 63ada2 123524->123525 123526 63aeeb 123524->123526 123528 63aec4 123525->123528 123529 63adab 123525->123529 123551 6411b0 25 API calls 123526->123551 123533 63a4d0 713 API calls 123528->123533 123530 63ae10 123529->123530 123531 63adb0 123529->123531 123535 639c80 26 API calls 123530->123535 123534 644120 17 API calls 123531->123534 123532 63af16 123532->123532 123536 63adfb 123533->123536 123537 63adbd 123534->123537 123538 63ae1e 123535->123538 123539 63a4d0 713 API calls 123537->123539 123538->123536 123540 644120 17 API calls 123538->123540 123541 63ade8 123539->123541 123542 63ae33 123540->123542 123541->123536 123544 63ae70 123541->123544 123548 63ae81 123541->123548 123549 644f30 20 API calls 123542->123549 123545 630780 14 API calls 123544->123545 123547 63ae75 123545->123547 123550 64c3c0 14 API calls 123548->123550 123549->123537 123550->123536 123551->123532 123552 5fe23a 123553 5fe297 123552->123553 123554 5fe2a3 123553->123554 123578 5fcab1 123553->123578 123555 657fe0 38 API calls 123554->123555 123556 5fcf50 123555->123556 123557 5fd220 123559 630780 14 API calls 123557->123559 123563 5fd22f 123557->123563 123558 5fd274 123560 5fd30c 123558->123560 123561 5fd2cc __iob_func fprintf 123558->123561 123559->123557 123562 632530 4 API calls 123561->123562 123562->123560 123563->123558 123565 630780 14 API calls 123563->123565 123581 64c3c0 14 API calls 123563->123581 123565->123563 123566 630780 14 API calls 123566->123578 123567 600f6f 123568 632530 4 API calls 123567->123568 123569 600f7b 123568->123569 123570 644120 17 API calls 123569->123570 123571 600f95 123570->123571 123582 640dd0 14 API calls 123571->123582 123573 600fa5 123575 6416e0 36 API calls 123573->123575 123574 5fd0c5 123580 64c3c0 14 API calls 123574->123580 123576 600fd0 123575->123576 123578->123556 123578->123557 123578->123566 123578->123567 123578->123574 123579 64c3c0 14 API calls 123578->123579 123579->123578 123580->123556 123581->123563 123582->123573 123583 6669c0 123584 6669d5 123583->123584 123585 6669d0 123583->123585 123615 620530 _errno 123584->123615 123585->123584 123586 6669f0 DeleteFileW 123585->123586 123588 666a10 GetLastError 123586->123588 123589 666a01 123586->123589 123590 666a20 123588->123590 123614 620510 _errno 123590->123614 123592 666a25 123593 666a50 GetFileAttributesW 123592->123593 123594 666a2a 123592->123594 123596 666a60 123593->123596 123610 666a42 123593->123610 123616 620510 _errno 123594->123616 123598 666aa4 123596->123598 123599 666a64 123596->123599 123597 666a2f 123601 666a34 123597->123601 123602 666a7a 123597->123602 123608 666b04 GetLastError 123598->123608 123598->123610 123611 666abd 123598->123611 123600 666a6c 123599->123600 123599->123602 123618 668140 memset DeviceIoControl CloseHandle GetLastError CloseHandle 123600->123618 123617 620510 _errno 123601->123617 123602->123610 123619 620530 _errno 123602->123619 123606 666a76 123606->123589 123606->123602 123607 666a39 123607->123610 123620 620530 _errno 123607->123620 123608->123610 123611->123589 123612 666ace GetLastError 123611->123612 123613 6669df 123612->123613 123614->123592 123615->123613 123616->123597 123617->123607 123618->123606 123619->123613 123620->123613 123621 5981b0 123622 5981cf 123621->123622 123623 5982d0 BeginPaint EndPaint 123622->123623 123625 5981e8 123622->123625 123626 598223 123622->123626 123628 5982f5 123623->123628 123624 59824d DefWindowProcA 123625->123624 123625->123626 123627 510ff0 44 API calls 123625->123627 123629 59821f 123627->123629 123629->123624 123629->123626 123630 6b2040 123633 6b2065 123630->123633 123631 6b20f8 123633->123631 123636 6b3cb4 123633->123636 123640 6ea8c0 13 API calls 123633->123640 123635 6b20c1 memcpy 123635->123633 123637 6b3cf0 123636->123637 123641 6ed390 123637->123641 123639 6b3d0f 123639->123633 123640->123635 123642 6ed3ab 123641->123642 123644 6ed3bd 123642->123644 123645 6b10d8 123642->123645 123644->123639 123646 6b10f2 123645->123646 123647 6eb3c0 4 API calls 123646->123647 123652 6b110d 123647->123652 123648 6b1292 123648->123644 123649 6b117b 123649->123648 123653 6c8b4e 13 API calls 123649->123653 123651 6ef370 5 API calls 123651->123652 123652->123649 123652->123651 123653->123648 123654 6b1880 123655 6b18a1 123654->123655 123656 6b18b3 123655->123656 123657 6b10d8 13 API calls 123655->123657 123666 6b167e 123656->123666 123657->123656 123659 6b1a00 123677 6b1d9c 7 API calls 123659->123677 123661 6b1a3e 123662 6ef370 5 API calls 123663 6b18d2 123662->123663 123663->123659 123663->123662 123664 6b19b1 123663->123664 123664->123659 123676 6b131e 7 API calls 123664->123676 123667 6b16a6 123666->123667 123670 6b169a 123666->123670 123668 6b16b2 123667->123668 123671 6b16c2 123667->123671 123678 6b1476 7 API calls 123668->123678 123670->123663 123671->123670 123672 6b1701 123671->123672 123673 6b1716 123671->123673 123679 6b1736 12 API calls 123672->123679 123680 6b1570 7 API calls 123673->123680 123676->123659 123677->123661 123678->123670 123679->123670 123680->123670 123681 5c55b0 123682 5c5600 123681->123682 123683 5c55c1 123681->123683 123699 60c640 32 API calls 123682->123699 123692 650150 123683->123692 123685 5c5617 123687 5c55d6 123697 630f30 15 API calls 123687->123697 123689 5c55ea 123698 640dd0 14 API calls 123689->123698 123691 5c55f5 123700 6592f0 17 API calls 123692->123700 123694 65018e 123696 6501aa 123694->123696 123701 64fae0 123694->123701 123696->123687 123697->123689 123698->123691 123699->123685 123700->123694 123702 64fb0d 123701->123702 123703 64fd0f 123701->123703 123704 64fc52 123702->123704 123705 64fb37 123702->123705 123703->123696 123706 63cc80 16 API calls 123704->123706 123722 64fb7a 123704->123722 123708 63cc80 16 API calls 123705->123708 123705->123722 123706->123722 123707 65010e 123708->123722 123709 64fcbb 123725 64fccd 123709->123725 123735 640e90 14 API calls 123709->123735 123710 63cc80 16 API calls 123710->123722 123713 654e40 18 API calls 123713->123722 123714 64ff80 123715 641070 17 API calls 123714->123715 123730 64feaa 123715->123730 123716 641070 17 API calls 123716->123722 123717 64ffa4 123741 640d00 16 API calls 123717->123741 123718 64fece 123737 640dd0 14 API calls 123718->123737 123721 63cd70 14 API calls 123721->123722 123722->123707 123722->123709 123722->123710 123722->123713 123722->123714 123722->123716 123722->123721 123723 650020 123722->123723 123722->123725 123722->123730 123742 640e90 14 API calls 123723->123742 123736 63cd70 14 API calls 123725->123736 123726 64fed9 123726->123707 123738 644f60 36 API calls 123726->123738 123730->123717 123730->123718 123731 64ff29 123739 6585d0 17 API calls 123731->123739 123733 64ff57 123740 640ae0 14 API calls 123733->123740 123735->123725 123736->123703 123737->123726 123738->123731 123739->123733 123742->123725 123743 5ffff2 123744 606670 74 API calls 123743->123744 123745 600014 123744->123745 123746 696699 123747 6966a9 123746->123747 123749 6966b9 123746->123749 123750 68fb2a 123747->123750 123752 68fbca 123750->123752 123751 6a8010 5 API calls 123751->123752 123752->123751 123753 68fcbb 123752->123753 123753->123749 123754 616cd4 123755 632530 4 API calls 123754->123755 123756 616ce0 123755->123756 123757 6115c0 15 API calls 123756->123757 123763 616d11 123756->123763 123757->123763 123759 616d80 123761 616db4 123759->123761 123774 620530 _errno 123759->123774 123763->123759 123764 630780 14 API calls 123763->123764 123773 6166c0 36 API calls 123763->123773 123777 620510 _errno 123763->123777 123778 64c3c0 14 API calls 123763->123778 123764->123763 123765 616e78 123767 616e9d 123765->123767 123775 620550 38 API calls 123765->123775 123769 616e85 123770 644120 17 API calls 123769->123770 123771 616e92 123770->123771 123776 640dd0 14 API calls 123771->123776 123773->123763 123774->123765 123775->123769 123776->123767 123777->123763 123778->123763 123779 5fd5ea 123782 5fd655 123779->123782 123780 624d10 36 API calls 123780->123782 123781 603b2a 123816 64c3c0 14 API calls 123781->123816 123782->123780 123792 5fe3cf 123782->123792 123793 601340 123782->123793 123783 657fe0 38 API calls 123783->123793 123786 603a48 123786->123781 123791 603aca 123786->123791 123786->123792 123787 624a40 36 API calls 123787->123793 123788 631460 15 API calls 123788->123792 123789 64c280 15 API calls 123789->123793 123790 624ad0 36 API calls 123790->123793 123794 630780 14 API calls 123791->123794 123792->123788 123795 5f2220 20 API calls 123792->123795 123803 60627a 123792->123803 123805 630780 14 API calls 123792->123805 123807 657fe0 38 API calls 123792->123807 123808 64c3c0 14 API calls 123792->123808 123809 64c280 15 API calls 123792->123809 123810 630910 17 API calls 123792->123810 123811 632530 4 API calls 123792->123811 123812 5f24b0 20 API calls 123792->123812 123813 5fc1b0 36 API calls 123792->123813 123793->123781 123793->123783 123793->123786 123793->123787 123793->123789 123793->123790 123797 603adf 123793->123797 123802 630780 14 API calls 123793->123802 123814 64c3c0 14 API calls 123793->123814 123794->123792 123795->123792 123798 603af8 123797->123798 123800 630780 14 API calls 123797->123800 123815 64c3c0 14 API calls 123798->123815 123800->123798 123802->123793 123817 64c3c0 14 API calls 123803->123817 123805->123792 123806 6062a3 123807->123792 123808->123792 123809->123792 123810->123792 123811->123792 123812->123792 123813->123792 123814->123793 123815->123781 123816->123792 123817->123806 123818 66a050 123829 622860 123818->123829 123830 667850 123831 667878 123830->123831 123832 6678a0 GetLastError 123831->123832 123833 66787c GetFileAttributesW 123831->123833 123835 6678ad 123832->123835 123833->123832 123834 66788a 123833->123834 123836 66788e 123834->123836 123838 620530 _errno 123834->123838 123838->123836 123839 676d10 123840 676d1e 123839->123840 123841 676d43 123840->123841 123842 67769c 123840->123842 123843 6778a9 123840->123843 123885 672810 123841->123885 123844 5becc0 16 API calls 123842->123844 123845 5bec10 14 API calls 123843->123845 123844->123841 123847 6778b5 123845->123847 123847->123841 123849 6778ba memcpy 123847->123849 123850 672810 14 API calls 123851 676d66 123850->123851 123861 676670 123851->123861 123889 672970 123851->123889 123854 676f54 123856 67752f 123854->123856 123859 672970 14 API calls 123854->123859 123855 672970 14 API calls 123857 676db3 123855->123857 123857->123861 123893 677cb0 123857->123893 123858 672810 14 API calls 123858->123861 123859->123856 123861->123854 123861->123856 123861->123858 123862 677470 123863 672810 14 API calls 123864 677116 123863->123864 123867 672810 14 API calls 123864->123867 123865 6770bc 123865->123861 123865->123863 123866 676832 123866->123861 123866->123862 123866->123865 123869 6777e2 123866->123869 123882 67721e 123866->123882 123868 677125 123867->123868 123868->123861 123870 672810 14 API calls 123868->123870 123872 672970 14 API calls 123869->123872 123871 6771ae 123870->123871 123873 672810 14 API calls 123871->123873 123872->123861 123874 6771bd 123873->123874 123874->123861 123875 672970 14 API calls 123874->123875 123876 6771fd 123875->123876 123879 672970 14 API calls 123876->123879 123877 672970 14 API calls 123877->123882 123878 677c11 123880 672970 14 API calls 123878->123880 123879->123882 123881 677c3b 123880->123881 123882->123861 123882->123877 123882->123878 123883 677357 123882->123883 123899 6765f0 123883->123899 123887 672822 123885->123887 123886 672838 123886->123850 123887->123886 123888 5bec10 14 API calls 123887->123888 123888->123886 123890 672987 123889->123890 123891 5bec10 14 API calls 123890->123891 123892 6729ad 123890->123892 123891->123892 123892->123855 123898 677cee 123893->123898 123894 672810 14 API calls 123894->123898 123895 672970 14 API calls 123895->123898 123896 6765f0 14 API calls 123896->123898 123897 677e50 123897->123866 123898->123894 123898->123895 123898->123896 123898->123897 123904 676633 123899->123904 123900 676f54 123902 672970 14 API calls 123900->123902 123903 67752f 123900->123903 123901 672810 14 API calls 123901->123904 123902->123903 123903->123861 123904->123900 123904->123901 123904->123903 123905 617599 123906 6175a7 123905->123906 123907 61784e 123906->123907 123916 6615c0 123906->123916 123927 61e620 123906->123927 123957 6166c0 36 API calls 123906->123957 123958 63ce90 14 API calls 123906->123958 123909 617863 123907->123909 123910 630780 14 API calls 123907->123910 123959 64c3c0 14 API calls 123909->123959 123910->123909 123913 6178b0 123913->123913 123917 6615d5 123916->123917 123918 661640 GetStdHandle 123917->123918 123919 6615d9 CloseHandle 123917->123919 123920 661654 GetStdHandle 123918->123920 123926 6615eb 123918->123926 123921 661683 GetLastError 123919->123921 123919->123926 123922 661661 GetStdHandle 123920->123922 123920->123926 123923 665090 123921->123923 123924 661675 CloseHandle 123922->123924 123922->123926 123925 661690 _errno 123923->123925 123924->123921 123924->123926 123925->123926 123926->123906 123928 61e635 123927->123928 123929 61e6d0 123928->123929 123930 61e63f 123928->123930 123963 670270 GetCurrentThreadId 123929->123963 123931 61e6b1 123930->123931 123932 61e646 123930->123932 123962 63ce90 14 API calls 123931->123962 123960 670270 GetCurrentThreadId 123932->123960 123936 61e6d9 123936->123931 123939 61e6de 123936->123939 123938 61e64f 123940 61e710 123938->123940 123941 61e658 123938->123941 123964 61c7b0 27 API calls 123939->123964 123943 61ce40 713 API calls 123940->123943 123961 61c7b0 27 API calls 123941->123961 123945 61e72f 123943->123945 123955 61e68e 123945->123955 123965 6166c0 36 API calls 123945->123965 123947 61e69a 123947->123906 123948 630780 14 API calls 123948->123955 123955->123947 123955->123948 123966 61ddf0 14 API calls 123955->123966 123967 61cbd0 14 API calls 123955->123967 123968 63ce90 14 API calls 123955->123968 123957->123906 123959->123913 123960->123938 123963->123936 123965->123955 123966->123955 123967->123955 123969 6171db 123971 6171e2 123969->123971 123970 61726e 123971->123969 123971->123970 123976 6172f1 123971->123976 123986 6617c0 123971->123986 123972 611710 14 API calls 123972->123976 123973 6173ac 123975 6173f0 123993 620530 _errno 123975->123993 123976->123972 123976->123973 123996 64c3c0 14 API calls 123976->123996 123978 6172bf 123978->123976 123980 630780 14 API calls 123978->123980 123980->123976 123981 6173f5 123981->123976 123994 620550 38 API calls 123981->123994 123983 617419 123995 640d00 16 API calls 123983->123995 123987 661820 SetFilePointer 123986->123987 123988 6617e1 WriteFile 123986->123988 123987->123988 123989 661840 GetLastError 123988->123989 123991 617299 123988->123991 123990 665090 123989->123990 123992 66184d _errno 123990->123992 123991->123975 123991->123976 123991->123978 123992->123991 123993->123981 123994->123983 123996->123976 123997 5a0a20 123998 5a0a5d 123997->123998 123999 5a0add 123998->123999 124000 5a0a69 123998->124000 124003 5a0af0 123999->124003 124008 5a0a91 123999->124008 124001 5a0300 50 API calls 124000->124001 124002 5a0a89 124000->124002 124005 5a0b48 124001->124005 124004 5a0b0f DefWindowProcA 124002->124004 124002->124008 124010 59dde0 29 API calls 124003->124010 124007 5a0b58 GetCapture 124005->124007 124005->124008 124007->124002 124007->124008 124009 5a0af7 124009->124008 124010->124009 124011 696a52 124012 630a00 15 API calls 124011->124012 124013 696a78 124012->124013 124014 619750 713 API calls 124013->124014 124017 696ac0 124013->124017 124015 696b19 124014->124015 124015->124017 124018 6a5e12 124015->124018 124019 6a5e2e 124018->124019 124022 6c8872 124019->124022 124021 6a5e45 124021->124017 124023 6c8928 124022->124023 124028 6c505c abort abort abort malloc malloc 124023->124028 124025 6c89c7 124029 6c594c 15 API calls 124025->124029 124027 6c89fd 124027->124021 124028->124025 124029->124027 124030 4e35f0 124031 6e9560 124030->124031 124032 4e3636 MultiByteToWideChar MessageBeep MessageBoxW ExitProcess GetModuleHandleA 124031->124032 124033 4e36cc GetProcAddress GetProcAddress 124032->124033 124034 4e370b 124032->124034 124035 4e36f6 124033->124035 124036 4e3717 setlocale 124034->124036 124035->124034 124037 4e3754 124036->124037 124038 5b8c00 713 API calls 124037->124038 124039 4e3788 124038->124039 124042 4e8470 124039->124042 124043 4e84a6 124042->124043 124044 4e8a5f abort 124043->124044 124045 4e84af 124043->124045 124058 4e4180 124045->124058 124047 4e89f1 strlen 124054 4e84f6 124047->124054 124048 4e874c 124113 4e5bd0 124048->124113 124050 4e869a GetStdHandle 124051 4e87f3 GetFileType 124050->124051 124050->124054 124052 4e8807 GetFileType 124051->124052 124051->124054 124052->124054 124054->124047 124054->124048 124054->124050 124055 504710 MultiByteToWideChar MultiByteToWideChar MessageBoxW 124054->124055 124057 620ff0 713 API calls 124054->124057 124066 4e3000 124054->124066 124055->124054 124057->124054 124060 4e4199 124058->124060 124059 4e41c0 124059->124054 124060->124059 124117 4e40a0 GetStdHandle GetFileType GetConsoleMode GetCommState 124060->124117 124062 4e41e0 124118 4e40a0 GetStdHandle GetFileType GetConsoleMode GetCommState 124062->124118 124064 4e41ed 124119 4e40a0 GetStdHandle GetFileType GetConsoleMode GetCommState 124064->124119 124076 4e3017 124066->124076 124067 4e32d0 124068 620f80 713 API calls 124067->124068 124069 4e32e8 124068->124069 124071 4e3308 124069->124071 124072 4e32f0 124069->124072 124070 4e3280 124073 620f80 713 API calls 124070->124073 124080 4e331a MessageBeep 124071->124080 124074 619750 713 API calls 124072->124074 124075 4e3298 124073->124075 124074->124071 124077 4e32b8 124075->124077 124078 4e32a0 124075->124078 124076->124067 124076->124070 124079 4e3234 124076->124079 124089 4e3046 124076->124089 124077->124067 124081 619750 713 API calls 124078->124081 124082 620f80 713 API calls 124079->124082 124134 641100 19 API calls 124080->124134 124081->124077 124084 4e324c 124082->124084 124086 4e326c 124084->124086 124087 4e3254 124084->124087 124085 4e332d MessageBoxA ExitProcess 124086->124070 124088 619750 713 API calls 124087->124088 124088->124086 124090 659df0 17 API calls 124089->124090 124091 4e3113 124090->124091 124120 66a3c0 124091->124120 124093 4e311b 124094 4e3122 strcmp 124093->124094 124095 4e313a 124094->124095 124096 4e3220 124094->124096 124097 659df0 17 API calls 124095->124097 124098 5f8ff0 713 API calls 124096->124098 124099 4e314f 124097->124099 124098->124095 124100 60df40 713 API calls 124099->124100 124101 4e316b 124100->124101 124101->124080 124126 4e4480 124101->124126 124103 4e318d 124103->124080 124104 4e3196 124103->124104 124105 5bc110 713 API calls 124104->124105 124109 4e31b1 124105->124109 124106 4e31b5 124107 659df0 17 API calls 124106->124107 124108 4e31d1 124107->124108 124108->124054 124109->124106 124110 640fa0 17 API calls 124109->124110 124111 4e3200 124110->124111 124111->124106 124112 5bc140 713 API calls 124111->124112 124112->124106 124114 4e5be0 124113->124114 124115 4e379c 124114->124115 124116 62f3d0 713 API calls 124114->124116 124116->124114 124117->124062 124118->124064 124119->124059 124121 66a3cd 124120->124121 124122 654f10 17 API calls 124121->124122 124123 66a3da GetACP wsprintfA strlen 124122->124123 124124 654f10 17 API calls 124123->124124 124125 66a405 124124->124125 124125->124093 124130 5b8c00 713 API calls 124126->124130 124127 4e44a3 124131 60df40 713 API calls 124127->124131 124132 5bc140 713 API calls 124127->124132 124128 4e44b2 124129 4e44c4 124128->124129 124135 5bc700 124128->124135 124129->124103 124130->124127 124131->124128 124132->124128 124134->124085 124136 5bc140 713 API calls 124135->124136 124137 5bc723 124136->124137 124137->124129 124138 4eb770 124139 4eb796 124138->124139 124140 4ebaad 124139->124140 124141 4eb886 124139->124141 124143 4eba78 sprintf 124139->124143 124144 4ebdc8 124140->124144 124145 4ebb60 124140->124145 124143->124140 124178 504650 strrchr 124144->124178 124151 5336f0 124145->124151 124147 4ebc3d 124147->124141 124158 4ec350 124147->124158 124152 53371d 124151->124152 124153 5337ec 124152->124153 124155 533729 124152->124155 124154 532e90 739 API calls 124153->124154 124157 533796 124154->124157 124179 532e90 124155->124179 124157->124147 124159 4ec35d 124158->124159 124236 5908e0 124159->124236 124178->124141 124180 532ec1 124179->124180 124191 533092 124179->124191 124181 526490 strcmp 124180->124181 124182 532edc 124181->124182 124185 5331ae 124182->124185 124182->124191 124198 4ea800 124182->124198 124184 559470 713 API calls 124184->124191 124185->124157 124186 533599 124187 559470 713 API calls 124186->124187 124187->124185 124188 4e9f80 107 API calls 124188->124185 124191->124184 124191->124185 124191->124186 124193 53336c 124191->124193 124197 5331a6 124191->124197 124204 584550 7 API calls 124191->124204 124205 584c40 GetStockObject GetPaletteEntries CreatePalette 124191->124205 124206 4e9c80 memcpy 124191->124206 124194 526910 713 API calls 124193->124194 124195 5333b3 124194->124195 124196 532780 713 API calls 124195->124196 124195->124197 124196->124197 124197->124185 124197->124188 124199 4ea833 124198->124199 124207 4ea480 124199->124207 124201 4ea84e 124202 4eaa58 124201->124202 124231 54c7a0 strcmp 124201->124231 124202->124182 124204->124191 124205->124191 124206->124191 124208 4ea4c1 124207->124208 124209 4ea6f3 124208->124209 124210 4ea4cc 124208->124210 124234 5449a0 isupper strlen strcpy 124209->124234 124212 4ea514 strlen 124210->124212 124228 4ea644 124210->124228 124229 4ea79d 124210->124229 124214 4ea531 124212->124214 124213 4ea71e 124235 5449a0 isupper strlen strcpy 124213->124235 124217 4ea568 124214->124217 124221 4ea73a strtoul 124214->124221 124219 4ea59b 124217->124219 124220 4ea571 strncmp 124217->124220 124225 4ea631 124217->124225 124218 4ea692 124223 4e9f80 107 API calls 124218->124223 124224 4ea69a 124218->124224 124232 510150 strcmp memset strlen strcpy memset 124219->124232 124220->124217 124221->124217 124223->124224 124224->124201 124227 4ea769 sprintf 124225->124227 124225->124228 124226 4ea5a3 124226->124229 124230 4ea617 strncpy 124226->124230 124227->124224 124228->124224 124233 4e9410 6 API calls 124228->124233 124230->124225 124231->124202 124232->124226 124233->124218 124234->124213 124235->124214 124237 5908ee 124236->124237 124264 4f53e0 124237->124264 124239 590929 124240 4f53e0 3 API calls 124239->124240 124241 59093f 124240->124241 124242 4f53e0 3 API calls 124241->124242 124243 4ec385 124242->124243 124244 591550 124243->124244 124245 59155e 124244->124245 124246 4f53e0 3 API calls 124245->124246 124247 591577 124246->124247 124248 4f53e0 3 API calls 124247->124248 124249 59158d 124248->124249 124250 4f53e0 3 API calls 124249->124250 124251 4ec38d 124250->124251 124252 4f0e60 124251->124252 124253 4f0e6e 124252->124253 124254 4f53e0 3 API calls 124253->124254 124255 4f0e87 124254->124255 124256 4f53e0 3 API calls 124255->124256 124257 4ec395 124256->124257 124258 4f2210 124257->124258 124259 4f221e 124258->124259 124260 4f53e0 3 API calls 124259->124260 124261 4f22ac 124260->124261 124262 4f53e0 3 API calls 124261->124262 124263 4f22c2 124262->124263 124274 4ee6b0 124264->124274 124268 4f53be 124268->124239 124269 4f5300 124270 4f531d 124269->124270 124271 4f5328 124270->124271 124272 4f533a strchr 124270->124272 124271->124268 124273 4f534f 124272->124273 124273->124268 124275 4ee743 124274->124275 124277 4ee6c6 124274->124277 124275->124269 124277->124275 124278 4ee6b0 2 API calls 124277->124278 124279 4ed2f0 strlen strcpy 124277->124279 124278->124277 124279->124277

                                          Executed Functions

                                          Function 005E7A10 Relevance: 71.6, APIs: 1, Strings: 46, Instructions: 1074COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (parsing expression "%.*s%s")$in expression "%s%.*s%.*s%s%s%.*s%s"$...$\$_@_$argument$characte$close-br$ed "," o$ed close$ed close$ed open $ed open $ed opera$empty ex$empty subexpression at %s$g "?$gh memor$gh memor$invalid $max # of tokens for a Tcl parse (%d) exceeded$missing $missing function argument at %s$missing operand at %s$missing operator ":" at %s$missing operator at %s$not enou$not enou$pare$precedin$pression$se expre$se expre$ssio$tor ":" $unbalanc$unbalanc$unbalanc$unbalanc$unction $unexpect$unexpect$utside f$without $y to par$y to par
                                          • API String ID: 0-851274874
                                          • Opcode ID: 0aabd28593d9c903f597af501c11af209a650b4e6a4d475794f3edf4f76ceb56
                                          • Instruction ID: 79e38e6df1184b0e7f31f698a6b472726431f3521295253bdb38db1195ebb2a7
                                          • Opcode Fuzzy Hash: 0aabd28593d9c903f597af501c11af209a650b4e6a4d475794f3edf4f76ceb56
                                          • Instruction Fuzzy Hash: 86A2CF72208BC4C6D7648F16E8483AABFA5F788B84F05851ADBDD0B794CF78D945CB84
                                          Function 005B8C00 Relevance: 67.0, APIs: 3, Strings: 35, Instructions: 453stringCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 296 5b8c00-5b8f82 call 5fb0e0 call 5bec10 call 6306d0 call 63cf50 call 5bec10 * 4 call 60bbc0 * 4 call 64c280 call 5bec10 call 64c280 call 5bec10 call 60bbc0 call 6e96c0 call 6236f0 call 6306d0 call 670270 getenv 339 5b8f8b-5b8fd1 call 60bbc0 * 2 call 62a1a0 296->339 340 5b8f84 296->340 347 5b959d-5b95a4 call 632530 339->347 348 5b8fd7-5b8ff8 call 5bec10 call 629760 339->348 340->339 352 5b95a9 347->352 355 5b8ffe-5b90a1 call 5fbdc0 call 611170 call 670850 call 67c0a0 call 660ab0 348->355 356 5b9560-5b956c call 632530 348->356 352->352 375 5b90b1-5b90b6 355->375 363 5b9571-5b9582 call 632530 356->363 370 5b958c-5b9598 call 632530 363->370 370->347 376 5b90bc-5b90dc 375->376 377 5b9500-5b9505 375->377 381 5b90de-5b915b call 5bec10 376->381 382 5b90a3-5b90ab 376->382 377->376 378 5b950b-5b9517 call 632530 377->378 378->376 381->375 384 5b9161-5b91e8 call 61c5f0 call 5f5ef0 call 5c5b40 call 5cdce0 call 5c0c90 call 5b89b0 * 2 call 62a1a0 381->384 382->375 382->384 384->370 403 5b91ee-5b9228 384->403 404 5b9230-5b9270 strcpy call 5b89b0 call 62a520 403->404 409 5b9272-5b928a call 62a1a0 404->409 409->363 412 5b9290-5b92cc call 62a520 409->412 415 5b92d1-5b931b call 5bec10 strcpy call 5b89b0 412->415 420 5b9321-5b9328 415->420 421 5b9520-5b952f call 632530 415->421 422 5b932a 420->422 423 5b932e-5b9336 420->423 428 5b9534-5b9553 call 640fa0 call 6309e0 call 632530 421->428 422->423 423->415 426 5b9338-5b9433 call 60df80 call 5f9980 call 63bea0 call 659d50 call 631500 call 659c50 call 631500 call 659c50 call 659df0 * 2 call 650f80 call 66a450 423->426 463 5b9438-5b94bb call 659d50 call 63ac20 call 5b89b0 call 64b340 call 64db30 426->463 442 5b94c1-5b94df call 623340 428->442 448 5b94ed-5b94fa 442->448 449 5b94e1-5b94e8 call 632530 442->449 449->448 463->428 463->442
                                          APIs
                                            • Part of subcall function 00670270: GetCurrentThreadId.KERNEL32 ref: 00670274
                                          • getenv.MSVCRT ref: 005B8F7A
                                          • strcpy.MSVCRT ref: 005B9237
                                          • strcpy.MSVCRT ref: 005B92F5
                                            • Part of subcall function 0066A450: GetVersionExA.KERNEL32 ref: 0066A4A2
                                            • Part of subcall function 0066A450: GetSystemInfo.KERNEL32 ref: 0066A4AD
                                            • Part of subcall function 0066A450: wsprintfA.USER32 ref: 0066A507
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcpy$CurrentInfoSystemThreadVersiongetenvwsprintf
                                          • String ID: 8.5$8.5.12$::bitrock_cmd_exec_path$::errorC$::errorI$::tcl::Bgerror$::tcl::bitrock::waitPidOriginalCode$::tcl::m$::tcl::m$::tcl::mathfunc$::tcl::mathop$::tcl::unsupported::disassemble$Can't create math function namespace$TCL_INTERP_DEBUG_FRAME$TCL_PKG_PREFER_LATEST$Tcl$Tcl_CreateInterp: can't create global namespace$Tcl_CreateInterp: failed to push the root stack frame$abs$athfunc:$athop::$builtin command with NULL object command proc and a NULL compile proc$byteOrder$can't create math operator namespace$cant create cmd location$failed to create math operator %s$littleEndian$pointerSize$tcl_patchLevel$tcl_platform$tcl_precision$tcl_version$threaded$wordSize$,e
                                          • API String ID: 2225171868-2154576801
                                          • Opcode ID: b7ed0b7199d546f6806b16061ed00be28c8b16729b476cf9a79b35378b1561a7
                                          • Instruction ID: 45d73ccb5c15454524316ed9d94e69f79fef33a3bb1179fd96629f12f5c1d54b
                                          • Opcode Fuzzy Hash: b7ed0b7199d546f6806b16061ed00be28c8b16729b476cf9a79b35378b1561a7
                                          • Instruction Fuzzy Hash: 6E327A72201B8185EB95EF21E86539A37A5FB84B88F48413ADF8D0B399DF7DD544C3A0
                                          Function 00508A30 Relevance: 63.5, APIs: 29, Strings: 7, Instructions: 516windowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 474 508a30-508a7a 476 509140-509148 call 4e9f60 474->476 477 508a80-508a97 GetFocus 474->477 485 509151-50916f SendMessageA 476->485 479 508aa4 477->479 480 508a99-508aa2 GetForegroundWindow 477->480 482 508aad-508ab4 479->482 480->479 480->482 483 508d93-508d9d 482->483 484 508aba-508ac8 482->484 488 509280-5092b0 GetDesktopWindow 483->488 489 508da3-508dad 483->489 486 5093bb-5093c9 484->486 487 508ace-508ad6 IsWindow 484->487 492 509171-50917e call 5089a0 485->492 493 509186-509192 call 506100 485->493 515 5093d2-5093ee 486->515 494 5092e0-5092ee 487->494 495 508adc-508afe SetWindowLongPtrA 487->495 496 509402-509419 488->496 497 5092b6-5092d4 488->497 490 509220-509239 489->490 491 508db3-508dba 489->491 502 509240-509263 490->502 498 508dc0-508dfc call 505ea0 491->498 499 509399-5093b6 491->499 492->493 521 5091a0-5091bd SendMessageA 493->521 519 5092f3-50930e 494->519 504 5090d0 495->504 505 508b04-508b21 495->505 497->502 498->515 520 508e02-508e2d 498->520 499->502 510 508e34-508e72 call 506900 502->510 511 509269-509276 502->511 509 5090d2-5090e3 SetWindowLongPtrA 504->509 517 509120-509126 505->517 518 508b27-508b65 SendMessageA * 2 505->518 522 5090f0-509109 SetWindowLongPtrA 509->522 531 509333-50933b 510->531 532 508e78-508e9e 510->532 511->510 515->511 517->476 524 508c15-508c24 518->524 525 508b6b-508b74 GetDesktopWindow 518->525 526 509314-50931d 519->526 527 50902d-50906d GetWindowPlacement 519->527 520->510 528 5091c3-5091f9 SendMessageA call 5a1420 SendMessageA 521->528 529 508c2a-508c39 521->529 522->504 530 50910b-50911c SetParent 522->530 524->521 524->529 525->524 535 508b7a-508b90 SetWindowLongPtrA 525->535 536 5093f3-5093fd 526->536 537 509323-50932e 526->537 541 509360-509368 call 533830 527->541 542 509073-509076 527->542 528->529 533 508c66-508c7f call 5089a0 529->533 534 508c3b-508c60 SetWindowPos 529->534 530->517 539 50933d-509348 531->539 540 50934e-509356 531->540 543 508ea2-508ec1 532->543 557 508c81-508c90 SendMessageA 533->557 558 508c96-508c99 533->558 534->533 545 508c01-508c0f SetMenu DestroyWindow 535->545 546 508b92-508bad 535->546 536->537 537->527 539->540 539->543 560 509370-509381 GetWindow 541->560 542->522 549 509078-50907e 542->549 550 509390 543->550 551 508ec7-508f98 call 50f8d0 CreateWindowExW 543->551 545->524 546->545 565 508baf-508bb1 546->565 555 509080-509088 549->555 556 50908e-5090a7 SetWindowLongPtrA 549->556 550->499 583 508fa2-508fd9 SetWindowLongPtrA 551->583 555->556 555->560 556->509 562 5090a9-5090c3 556->562 557->558 563 508cb3-508cba 558->563 564 508c9b-508cad SendMessageA 558->564 560->556 562->504 563->485 567 508cc0-508cca 563->567 564->563 566 508bbf-508bc3 565->566 570 508bb3-508bbd 566->570 571 508bc5-508bcc 566->571 572 508ce6-508ce9 567->572 573 508ccc-508cde SetMenu 567->573 570->545 570->566 571->570 576 508bce-508bff 571->576 577 508d5b-508d65 572->577 578 508ceb-508cf4 572->578 573->572 576->570 579 509200-50920b SetActiveWindow 577->579 580 508d6b-508d73 577->580 581 508d51-508d55 578->581 582 508cf6-508d04 578->582 579->490 584 508d75-508d7e SetFocus 580->584 585 508d7f-508d92 580->585 581->577 582->581 587 508d06-508d08 582->587 583->519 593 508fdf-508fe9 583->593 584->585 588 508d1c-508d20 587->588 589 508d10-508d1a 588->589 590 508d22-508d29 588->590 589->581 589->588 590->589 592 508d2b-508d4f call 508a30 call 5089a0 590->592 592->581 592->588 593->519 595 508fef-509027 593->595 595->527
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Window$MessageSend$FocusLongMenu$DesktopDestroyForeground
                                          • String ID: ,$TkTopLevel$UpdateWrapper: Cannot find container window$UpdateWrapper: Container was destroyed$X%z$`%z$pMz
                                          • API String ID: 3770283823-3850629643
                                          • Opcode ID: e98523ab3f09da4bca496981ad7b1b3ae9c21fa606ecef30f7935ca0a64b7d0e
                                          • Instruction ID: de6520761410cdac9a746ebc39fc81adf31f6fde7a6a33486801c6375765ab37
                                          • Opcode Fuzzy Hash: e98523ab3f09da4bca496981ad7b1b3ae9c21fa606ecef30f7935ca0a64b7d0e
                                          • Instruction Fuzzy Hash: CF32AF32306A9086EB60CF25E448BAE7BA4F7C5B94F169115CF9D47798EF38D841CB40
                                          Function 006283B0 Relevance: 49.9, APIs: 5, Strings: 23, Instructions: 852stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy$strncmp
                                          • String ID: (ensemble unknown subcommand handler)$ result of ensemble unknown subcommand handler: $ while parsing result of ensemble unknown subcommand handler$ does not export any commands$": must be $": namespace $ENSEMBLE$LOOKUP$SUBCOMMAND$TCL$break$continue$ensemble activated for deleted namespace$full name %s not found in supposedly synchronized hash$or $or ambiguous $return$subcommand "$subcommand ?argument ...?$unknown $unknown subcommand "$unknown subcommand handler deleted its ensemble$unknown subcommand handler returned bad code:
                                          • API String ID: 2397129164-2186723048
                                          • Opcode ID: 84b0a87afadd25f4a603d7951c6fef83e1d0d5c87d53d3c53faee9e146f67091
                                          • Instruction ID: 7c14acad9d4269d2433c6ec38444e92b0777cc2541e6e64cb2770aa1c7c8a2fe
                                          • Opcode Fuzzy Hash: 84b0a87afadd25f4a603d7951c6fef83e1d0d5c87d53d3c53faee9e146f67091
                                          • Instruction Fuzzy Hash: 72728C72609F948ADB64DF26E8513EA77A2F784BC4F54801ADE8D4B718DF38C945CB80
                                          Function 004E3000 Relevance: 36.9, APIs: 4, Strings: 17, Instructions: 190stringCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00626BF0: strlen.MSVCRT ref: 00626C8C
                                            • Part of subcall function 00626BF0: strcpy.MSVCRT(?,?,?,004E305E), ref: 00626CA3
                                            • Part of subcall function 00626BF0: strcmp.MSVCRT ref: 00626C3C
                                            • Part of subcall function 0066A3C0: GetACP.KERNEL32 ref: 0066A3DA
                                            • Part of subcall function 0066A3C0: wsprintfA.USER32 ref: 0066A3ED
                                            • Part of subcall function 0066A3C0: strlen.MSVCRT ref: 0066A3F6
                                          • strcmp.MSVCRT ref: 004E312D
                                          Strings
                                          • vfs, xrefs: 004E309A
                                          • Error in Installer, xrefs: 004E3335
                                          • rechan, xrefs: 004E3082
                                          • tclkitpath, xrefs: 004E306A
                                          • tclkit_system_encoding, xrefs: 004E3143
                                          • tcl_rcFileName, xrefs: 004E3107
                                          • bitrock, xrefs: 004E30E6
                                          • utf-8, xrefs: 004E3254, 004E32A0, 004E32F0
                                          • zlib, xrefs: 004E30B2
                                          • NUL, xrefs: 004E3240, 004E328C, 004E32DC
                                          • -encoding, xrefs: 004E3260, 004E32AC, 004E32FC
                                          • errorInfo, xrefs: 004E31C5
                                          • set ::tclKitMkCounter 0set ::vfsSha256 465e432d4f66b5a51c87a37d9138f633f6223ebec5409d6ed00d9baedbd996a5;#sha256set ::vfsPositionOffset 0x0000000000ac7844;#offsetset ::vfsSize 0x00000000003194ef;#sizeset ::vfsCRC 0x8b16e4ea;#crcproc crc32 {fh start {end -1, xrefs: 004E3157
                                          • ~/tclkitrc.tcl, xrefs: 004E3100
                                          • Mk4tcl, xrefs: 004E3052
                                          • if {[file isfile [file join $::tcl::kitpath main.tcl]]} {if {[info commands console] != {}} { console hide }set tcl_interactive 0incr argcset argv [linsert $argv 0 $argv0]set argv0 [file join $::tcl::kitpath main.tcl]} elseif {[file isfile [file join $::, xrefs: 004E31A5
                                          • incr argc -1; set argv [lrange $argv 1 end], xrefs: 004E320D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcmpstrlen$strcpywsprintf
                                          • String ID: -encoding$Error in Installer$Mk4tcl$NUL$bitrock$errorInfo$if {[file isfile [file join $::tcl::kitpath main.tcl]]} {if {[info commands console] != {}} { console hide }set tcl_interactive 0incr argcset argv [linsert $argv 0 $argv0]set argv0 [file join $::tcl::kitpath main.tcl]} elseif {[file isfile [file join $::$incr argc -1; set argv [lrange $argv 1 end]$rechan$set ::tclKitMkCounter 0set ::vfsSha256 465e432d4f66b5a51c87a37d9138f633f6223ebec5409d6ed00d9baedbd996a5;#sha256set ::vfsPositionOffset 0x0000000000ac7844;#offsetset ::vfsSize 0x00000000003194ef;#sizeset ::vfsCRC 0x8b16e4ea;#crcproc crc32 {fh start {end -1$tcl_rcFileName$tclkit_system_encoding$tclkitpath$utf-8$vfs$zlib$~/tclkitrc.tcl
                                          • API String ID: 4041751807-4125100043
                                          • Opcode ID: 94f1578ddf7d4ca07143be6b6baced3a1664f475c8b9eddc37a118e8cb3e8691
                                          • Instruction ID: 231d7993061023af11f7cbb2228511d1b246e62d83cc5d2e7c0ba76421079704
                                          • Opcode Fuzzy Hash: 94f1578ddf7d4ca07143be6b6baced3a1664f475c8b9eddc37a118e8cb3e8691
                                          • Instruction Fuzzy Hash: 4771B67070468160EF99AB66F9227EA2352AB44785F44403FAD0F5BB66DF3CD60AC348
                                          Function 004EB770 Relevance: 34.9, APIs: 1, Strings: 22, Instructions: 387COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1021 4eb770-4eb799 call 64b340 1024 4eb79f-4eb84c call 556fd0 1021->1024 1025 4eb8c5-4eb8d6 1021->1025 1032 4eb985-4eb994 1024->1032 1033 4eb852-4eb855 1024->1033 1035 4eb9a1-4eb9ac 1032->1035 1034 4eb871-4eb884 1033->1034 1039 4eb886-4eb895 1034->1039 1040 4eb860-4eb86f 1034->1040 1037 4ebab6-4ebacc 1035->1037 1038 4eb9b2-4eb9d1 1035->1038 1043 4ebe15-4ebe60 call 504650 1037->1043 1044 4ebad2-4ebaef 1037->1044 1046 4eb9d3-4eb9ec 1038->1046 1047 4eba10-4eba38 call 512c70 1038->1047 1048 4eb8a2-4eb8bd 1039->1048 1040->1034 1051 4eb8e0-4eb8f8 1040->1051 1083 4ebe6c-4ebe77 call 4eb6e0 1043->1083 1058 4ebdf4-4ebdfd 1044->1058 1059 4ebaf5-4ebb30 1044->1059 1046->1048 1047->1046 1060 4eba3a-4ebab0 sprintf 1047->1060 1048->1025 1057 4eb8bf 1048->1057 1064 4eb8fe-4eb95e 1051->1064 1065 4eb9f1-4eba04 1051->1065 1057->1025 1062 4ebe0a 1058->1062 1059->1062 1063 4ebb36-4ebb5a 1059->1063 1060->1037 1062->1043 1068 4ebdc8-4ebdea 1063->1068 1069 4ebb60-4ebb6a 1063->1069 1096 4eb964-4eb980 1064->1096 1097 4ebdb1-4ebdc3 1064->1097 1065->1048 1068->1058 1072 4ebb6c-4ebb95 1069->1072 1073 4ebb9a-4ebba4 1069->1073 1072->1073 1076 4ebba6-4ebbcf 1073->1076 1077 4ebbd4-4ebbde 1073->1077 1076->1077 1080 4ebc0e-4ebc4f call 5336f0 1077->1080 1081 4ebbe0-4ebc09 1077->1081 1080->1048 1093 4ebc55-4ebc69 1080->1093 1081->1080 1090 4ebe83-4ebe89 1083->1090 1090->1048 1093->1083 1098 4ebc6f-4ebc79 1093->1098 1096->1048 1097->1035 1099 4ebc7b-4ebcb6 1098->1099 1100 4ebcc7-4ebce7 1098->1100 1099->1048 1110 4ebcbc 1099->1110 1100->1090 1107 4ebced-4ebd10 1100->1107 1107->1048 1111 4ebd16-4ebd48 call 584f90 call 4ec350 1107->1111 1110->1100 1111->1048 1117 4ebd4e-4ebd66 1111->1117 1119 4ebd6e-4ebd7a call 504630 1117->1119 1120 4ebd68 1117->1120 1119->1025 1123 4ebd80-4ebd8d call 5bc140 1119->1123 1120->1119 1124 4ebd93-4ebd97 1123->1124 1124->1025 1125 4ebd9d-4ebdac call 4e5ab0 1124->1125 1125->1025
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (processing arguments in argv variable)$-class$-colormap$-screen$-use$-visual$8.5$8.5.12$::safe::TkInit$DISPLAY$NULL master$Tcl$`%z$argc$argv$env$error in Tcl_GetInterpPath$geometry$if {[namespace which -command tkInit] eq ""} { proc tkInit {} { global tk_library tk_version tk_patchLevel rename tkInit {} tcl_findLibrary tk $tk_version $tk_patchLevel tk.tcl TK_LIBRARY tk_library }}tkInit$not allowed to start Tk by master's safe::TkInit$toplevel$wm geometry .
                                          • API String ID: 0-3242073998
                                          • Opcode ID: cceabc6a2ef7334b6748016851388c1db99361323f5b353053f8be02616d227c
                                          • Instruction ID: fe2a253fff6038dbeeb522a9ee965f52f60c0fb260bb419340673e30140f7dae
                                          • Opcode Fuzzy Hash: cceabc6a2ef7334b6748016851388c1db99361323f5b353053f8be02616d227c
                                          • Instruction Fuzzy Hash: 05025576708A8082EB64DF1AE9943AA73A1FB89FC5F448026DE8E43724DF7DD548C740
                                          Function 00625B80 Relevance: 33.5, APIs: 7, Strings: 15, Instructions: 511stringCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1129 625b80-625bb4 1130 625e00-625e21 call 60c640 1129->1130 1131 625bba-625bd2 call 635de0 1129->1131 1139 625e30-625e3f call 6309e0 1130->1139 1136 625bf0-625c74 call 6309e0 call 654e20 * 6 1131->1136 1137 625bd4-625be9 1131->1137 1136->1139 1202 625c7a-625c7d 1136->1202 1145 625e70-625e81 1139->1145 1146 625e41-625e46 1139->1146 1149 625c92-625ca8 call 670440 1145->1149 1150 625e87-625ea8 call 6309e0 call 60e500 1145->1150 1146->1145 1148 625e48-625e64 call 640d00 1146->1148 1162 625dc0-625df8 call 654f90 * 6 1148->1162 1159 626356-626362 call 6704b0 1149->1159 1160 625cae-625cb1 1149->1160 1150->1149 1173 625eae 1150->1173 1181 626367-626384 call 66ab10 1159->1181 1165 625ccc-625cd4 1160->1165 1162->1130 1170 625eb3-625ec5 call 654f10 strcmp 1165->1170 1171 625cda-625d58 call 654f10 call 654e40 call 654f10 call 654e40 call 651770 * 2 strcmp call 654f10 strcmp 1165->1171 1185 625ecb-625ed2 call 6704b0 1170->1185 1186 625cbf-625cc6 1170->1186 1269 625cb3-625cb6 1171->1269 1270 625d5e-625d61 1171->1270 1178 625db8-625dbd 1173->1178 1178->1162 1199 625f57-6260fb call 651c50 call 654f10 call 654e40 * 8 call 670440 call 621bb0 1181->1199 1200 62638a-6263d2 call 6206a0 call 624ca0 call 6309e0 1181->1200 1197 625ed7-625eee call 5b7750 1185->1197 1186->1165 1193 625f10-625f22 call 6704b0 1186->1193 1193->1197 1215 625f24-625f27 1193->1215 1217 625f02-625f05 1197->1217 1218 625ef0 1197->1218 1325 626100-626120 call 6704b0 1199->1325 1250 6263d8-6263da 1200->1250 1251 6264ff-626508 1200->1251 1202->1148 1210 625c83-625c8d 1202->1210 1210->1149 1223 6262d9-626305 call 6411b0 1215->1223 1224 625f2d-625f30 1215->1224 1229 625f07 1217->1229 1230 625ef5-625efc 1217->1230 1227 626214-626223 call 60e600 1218->1227 1248 62630a 1223->1248 1224->1181 1233 625f36-625f4f call 654e40 1224->1233 1227->1248 1249 626229-626230 1227->1249 1229->1193 1230->1217 1230->1227 1233->1199 1265 626313-626315 1248->1265 1256 626236-62623b 1249->1256 1257 626324-626351 call 6411b0 1249->1257 1253 6263e0-6263fd 1250->1253 1258 6264c7-6264d9 1250->1258 1251->1253 1254 62650e-626512 1251->1254 1259 62641d-62643c call 651140 1253->1259 1254->1253 1263 626518-626523 1254->1263 1271 62623d-62623f 1256->1271 1257->1159 1261 6264db-6264fa call 6411b0 1258->1261 1262 62652d-626537 call 630780 1258->1262 1286 626400-62640d isalpha 1259->1286 1287 62643e-62644b 1259->1287 1261->1162 1262->1261 1263->1262 1265->1271 1269->1186 1279 625cb8-625cbb 1269->1279 1270->1185 1280 625d67-625d6a 1270->1280 1276 6262c0-6262d4 call 642090 1271->1276 1277 626241-626259 call 670440 call 60e600 1271->1277 1276->1223 1306 62631a-62631f 1277->1306 1307 62625f 1277->1307 1279->1186 1280->1186 1288 625d70-625db3 call 6411b0 call 6704b0 1280->1288 1290 626414-62641b 1286->1290 1291 62640f-626412 1286->1291 1287->1258 1294 62644d-626472 call 654e40 1287->1294 1288->1178 1290->1259 1290->1287 1291->1287 1291->1290 1294->1199 1308 626478-626480 call 630780 1294->1308 1310 626264-6262b4 call 6704b0 call 5b7750 call 5bec10 call 5b7660 1306->1310 1307->1310 1308->1199 1310->1276 1325->1162 1330 626126-626132 1325->1330 1331 626485-6264af call 6411b0 1330->1331 1332 626138-62620f call 5bec10 strlen call 5bec10 strcpy call 5bec10 strcpy call 670440 call 6704b0 1330->1332 1331->1178 1338 6264b5-6264c2 1331->1338 1332->1227 1338->1162
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcmp
                                          • String ID: " is already loaded for package "$" isn't loaded statically$_Init$_SafeInit$_SafeInit procedure$_SafeUnload$_Unload$can't use package in a safe interpreter: no $couldn't figure out package name for $couldn't find procedure $file "$fileName ?packageName? ?interp?$must specify either file name or package name$package "$tclLoad
                                          • API String ID: 1004003707-3137382047
                                          • Opcode ID: 38ddfe0c6efd918b8b9de6b1d2f7ca3460ec153a8550dadb05bde20789f32397
                                          • Instruction ID: 2897d17a130f11e931cb4d7a8860a1e3a8b5311b8c3e51ea16fcaa18d3c8987c
                                          • Opcode Fuzzy Hash: 38ddfe0c6efd918b8b9de6b1d2f7ca3460ec153a8550dadb05bde20789f32397
                                          • Instruction Fuzzy Hash: 03226C32709F9184DA60EB26F8557AE63A6F7C5BC4F404026EE8E47B69DF38C485CB40
                                          Function 005F7C30 Relevance: 30.6, APIs: 7, Strings: 13, Instructions: 559COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1620 5f7c30-5f7c5d call 670440 1623 5f7c63-5f7c76 1620->1623 1624 5f8170-5f8187 call 6704b0 1620->1624 1628 5f7c78-5f7ca2 call 6704b0 1623->1628 1629 5f7ca3-5f7d7d call 6704b0 call 644120 call 630910 call 655b40 call 630910 call 655b40 call 624ad0 call 644b00 call 5f24b0 1623->1629 1632 5f8193-5f819f 1624->1632 1684 5f7e59-5f7e6c 1629->1684 1685 5f7d83-5f7d8c 1629->1685 1634 5f8065-5f8078 call 5f75d0 1632->1634 1635 5f81a5-5f81a7 1632->1635 1638 5f807a-5f807f 1634->1638 1642 5f80a8-5f80b2 call 616ca0 1634->1642 1635->1638 1638->1642 1643 5f8081-5f80a3 call 6411b0 1638->1643 1650 5f80c0-5f80ce 1642->1650 1643->1642 1652 5f7f0c-5f7f3a call 609ac0 call 620e10 1650->1652 1653 5f80d4 1650->1653 1666 5f7f3f-5f7f4a 1652->1666 1655 5f80d7-5f80ef 1653->1655 1658 5f85dc 1655->1658 1659 5f80f5-5f814c call 6411b0 call 6416e0 1655->1659 1670 5f8151-5f815e call 630780 1666->1670 1671 5f7f50-5f7f53 1666->1671 1670->1624 1671->1650 1675 5f7f59-5f7f99 call 655b40 call 630910 call 5f2220 call 655a70 1671->1675 1698 5f7f9e-5f7fbd 1675->1698 1689 5f7f08-5f7f0a 1684->1689 1690 5f7e72 1684->1690 1687 5f7d8e-5f7d9d 1685->1687 1688 5f7dc4-5f7dda call 6309e0 1685->1688 1692 5f7dac-5f7db9 1687->1692 1700 5f7ded-5f7e1d call 6309e0 strcmp 1688->1700 1701 5f7ddc 1688->1701 1689->1652 1690->1655 1695 5f7dbb-5f7dbe 1692->1695 1696 5f7da0-5f7da6 1692->1696 1695->1688 1699 5f7e90-5f7e93 1695->1699 1696->1692 1696->1699 1703 5f7fc3-5f7fd0 1698->1703 1704 5f84b0-5f84b5 call 630780 1698->1704 1699->1684 1705 5f7e95-5f7ec4 call 609ac0 1699->1705 1714 5f7e1f-5f7e21 1700->1714 1715 5f7de0-5f7de7 1700->1715 1706 5f7e23-5f7e4d call 630910 call 5f2510 call 655a70 1701->1706 1709 5f7fd6-5f7fe8 1703->1709 1710 5f84a0-5f84a8 call 630780 1703->1710 1731 5f84c0-5f84da strncpy 1704->1731 1721 5f85cb-5f85d0 call 630780 1705->1721 1722 5f7eca-5f7eea call 620e10 1705->1722 1706->1684 1719 5f7fee-5f7ff1 1709->1719 1720 5f8490-5f8498 call 630780 1709->1720 1710->1704 1714->1706 1723 5f7e80-5f7e88 1714->1723 1715->1700 1715->1723 1726 5f7ff7-5f800f call 619750 1719->1726 1727 5f85d5 1719->1727 1720->1710 1721->1727 1740 5f85be-5f85c6 call 630780 1722->1740 1741 5f7ef0-5f7ef9 1722->1741 1723->1699 1744 5f8010-5f803a call 654e20 call 614a90 call 654f90 1726->1744 1727->1658 1738 5f84dd-5f84f2 1731->1738 1738->1738 1743 5f84f4-5f8546 strncpy call 5f7c30 1738->1743 1740->1721 1741->1655 1745 5f7eff-5f7f02 1741->1745 1753 5f856e-5f858e call 654e40 1743->1753 1754 5f8548-5f8556 1743->1754 1764 5f803c-5f8040 1744->1764 1745->1689 1745->1698 1763 5f82c0-5f82d0 call 5bed70 call 654f90 1753->1763 1754->1753 1757 5f8558-5f8562 1754->1757 1757->1753 1759 5f8564-5f856c call 5f7040 1757->1759 1759->1753 1778 5f8210-5f8225 call 654e20 call 614a90 1763->1778 1767 5f8046 1764->1767 1768 5f81c0-5f820b call 654e20 1764->1768 1767->1632 1770 5f804c-5f8050 1767->1770 1768->1778 1774 5f8056-5f805a 1770->1774 1775 5f81b0-5f81b8 1770->1775 1774->1635 1777 5f8060-5f8063 1774->1777 1775->1634 1777->1634 1783 5f822b-5f8242 call 6534b0 1778->1783 1784 5f82d5-5f82ec call 5bec10 1778->1784 1783->1778 1789 5f8244-5f824e 1783->1789 1790 5f82ef-5f8305 1784->1790 1789->1763 1791 5f8250-5f8264 1789->1791 1790->1790 1792 5f8307-5f833e memcpy 1790->1792 1791->1763 1793 5f8266-5f8277 1791->1793 1794 5f8343-5f8359 1792->1794 1796 5f827d-5f829d 1793->1796 1797 5f8593-5f85b9 call 6e95c0 1793->1797 1794->1794 1795 5f835b-5f83de memcpy * 2 call 654f90 1794->1795 1803 5f8411-5f8417 1795->1803 1804 5f83e0-5f83f6 1795->1804 1796->1731 1799 5f82a3-5f82ba strncpy 1796->1799 1797->1763 1799->1763 1806 5f841e-5f8424 1803->1806 1807 5f8419 1803->1807 1805 5f8400-5f840f 1804->1805 1805->1803 1805->1805 1808 5f842b-5f8481 call 5f74f0 1806->1808 1809 5f8426 1806->1809 1807->1806 1808->1720 1809->1808
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: -encoding$.enc$ENCODING$L r$LOOKUP$TCL$binary$final$init$invalid encoding file "$name$unknown encoding "$utf-8
                                          • API String ID: 0-45895543
                                          • Opcode ID: 7e187b295fdfd97fdd6857e117f3ba47be31b0b171796611d10345ba7ec22825
                                          • Instruction ID: 71d1d01c3e47e5ba58d8638673025a2b146fa15eed0a198b9f84483f30864589
                                          • Opcode Fuzzy Hash: 7e187b295fdfd97fdd6857e117f3ba47be31b0b171796611d10345ba7ec22825
                                          • Instruction Fuzzy Hash: FD22DE72309B8986EB64DB26E8553BA6BA2F785BC4F44402ADF8E87719DF3CD504C740
                                          Function 0060AAD0 Relevance: 30.3, APIs: 3, Strings: 14, Instructions: 586COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1812 60aad0-60aaf0 1813 60b440-60b457 call 60c640 1812->1813 1814 60aaf6-60ab40 1812->1814 1820 60b461-60b466 call 630780 1813->1820 1816 60ab45-60ab7c call 60c5e0 1814->1816 1821 60b3d0-60b3e8 call 630a00 1816->1821 1822 60ab82-60ab87 1816->1822 1830 60aeea-60af0a call 5fbff0 1820->1830 1832 60b3ea-60b3f2 call 6413e0 1821->1832 1833 60b3ad-60b3b2 1821->1833 1824 60abb0-60abb5 1822->1824 1825 60ab89-60ab91 1822->1825 1824->1816 1828 60abb7-60abd0 1824->1828 1825->1824 1828->1813 1836 60abd6-60abe5 1828->1836 1844 60b400-60b424 call 654e20 call 654e40 1832->1844 1839 60b602-60b614 call 6411b0 1836->1839 1840 60abeb-60abff 1836->1840 1839->1833 1841 60ac01-60ac14 1840->1841 1842 60ac19-60ac21 1840->1842 1841->1842 1845 60b140-60b15b call 630a00 1842->1845 1846 60ac27-60ac2a 1842->1846 1877 60b430-60b438 call 630780 1844->1877 1858 60b161-60b169 1845->1858 1859 60b579 1845->1859 1850 60ac31-60ac37 1846->1850 1851 60ac2c 1846->1851 1854 60adc0 1850->1854 1855 60ac3d-60ac57 call 624d10 1850->1855 1851->1850 1857 60adc3-60add2 1854->1857 1855->1854 1866 60ac5d-60aca6 call 5fc0b0 1855->1866 1863 60af10-60af18 1857->1863 1864 60add8-60ade8 1857->1864 1865 60b17d-60b18d strchr 1858->1865 1871 60b586-60b58e 1859->1871 1869 60b290-60b299 1863->1869 1870 60af1e-60af38 1863->1870 1872 60b320-60b328 call 654e20 1864->1872 1873 60adee-60ae1d 1864->1873 1867 60b170-60b177 1865->1867 1868 60b18f-60b192 1865->1868 1894 60acb0-60acc0 1866->1894 1867->1844 1867->1865 1868->1859 1875 60b198-60b1ec call 654e20 call 654e40 call 644120 call 6309e0 strpbrk 1868->1875 1881 60b2a0-60b2ba call 6309e0 call 60a050 1869->1881 1876 60af40-60af99 call 654e20 call 654e40 call 630a00 call 654e40 call 60a050 1870->1876 1879 60b671-60b68a call 6411b0 1871->1879 1880 60b594-60b597 1871->1880 1908 60b32d-60b332 1872->1908 1882 60ae20-60ae3e call 630a00 call 654e40 1873->1882 1971 60b1f2-60b20a call 654e20 1875->1971 1972 60b6a8-60b6b5 call 644b00 1875->1972 1947 60b490-60b4a0 call 654f90 1876->1947 1984 60af9f-60afa7 1876->1984 1907 60aeb1-60aeb4 1877->1907 1900 60b690-60b6a3 call 6411b0 1879->1900 1901 60b5b3-60b5bf 1879->1901 1880->1879 1889 60b59d-60b5ae call 6411b0 1880->1889 1911 60b2bf-60b2c1 1881->1911 1926 60ae40-60ae4c call 654e40 1882->1926 1927 60ae51-60ae58 1882->1927 1889->1901 1894->1857 1904 60acc6-60acf6 call 624ca0 call 630a00 1894->1904 1933 60b5eb-60b5fd call 6411b0 1900->1933 1909 60b5c1-60b5e9 call 6309e0 call 6411b0 1901->1909 1953 60afd0-60afe1 1904->1953 1954 60acfc-60ad01 1904->1954 1916 60b3c0 1907->1916 1917 60aeba-60aec1 1907->1917 1918 60b337-60b356 call 640fa0 call 624d10 1908->1918 1909->1933 1924 60b480 1911->1924 1925 60b2c7-60b2ce 1911->1925 1916->1821 1919 60aed2-60aed9 1917->1919 1920 60aec3-60aecc 1917->1920 1964 60b4a5-60b4ab 1918->1964 1965 60b35c-60b364 1918->1965 1919->1830 1932 60aedb-60aee4 1919->1932 1920->1919 1931 60b470-60b475 call 630780 1920->1931 1924->1947 1925->1881 1934 60b2d0-60b2d5 1925->1934 1926->1927 1927->1882 1941 60ae5a-60ae7f call 60a050 1927->1941 1931->1919 1932->1820 1932->1830 1933->1839 1934->1908 1945 60b2d7-60b2d9 1934->1945 1962 60ae84-60ae86 1941->1962 1952 60ae99-60ae9c 1945->1952 1947->1964 1952->1907 1973 60ae9e-60aeab 1952->1973 1966 60aff0-60aff7 1953->1966 1967 60afe3-60afe8 1953->1967 1954->1894 1969 60afb1-60afb6 1962->1969 1970 60ae8c-60ae94 call 654f90 1962->1970 1964->1871 1983 60b4b1 1964->1983 1977 60b36a 1965->1977 1978 60b11f-60b125 1965->1978 1981 60b370-60b378 1966->1981 1982 60affd-60b000 1966->1982 1967->1894 1969->1918 1979 60afbc-60afc4 1969->1979 1970->1952 1994 60b252-60b267 strpbrk 1971->1994 1985 60b6ba 1972->1985 1973->1877 1973->1907 1986 60b12b 1977->1986 1978->1952 1978->1986 1979->1953 1987 60b51c-60b574 call 64c280 call 644b00 call 644bf0 call 640dd0 1981->1987 1988 60b37e-60b38c 1981->1988 1990 60b020-60b031 call 624d10 1982->1990 1991 60b002-60b007 1982->1991 1983->1987 1984->1876 1995 60afa9-60afac call 654f90 1984->1995 1985->1985 1986->1845 1987->1859 1988->1833 1990->1987 2005 60b037-60b03c 1990->2005 1996 60b00d-60b019 1991->1996 1997 60b0fe-60b11a call 644120 call 640dd0 1991->1997 2002 60b210-60b250 call 654e40 * 3 1994->2002 2003 60b269-60b26d 1994->2003 1995->1969 1996->1894 1997->1978 2002->1994 2008 60b280-60b288 call 654f90 2002->2008 2003->2008 2009 60b26f-60b27b call 654e40 2003->2009 2005->1987 2012 60b042-60b075 call 624ca0 call 6309e0 2005->2012 2008->1869 2009->2008 2012->1987 2030 60b07b-60b0b1 call 624ca0 call 6309e0 2012->2030 2035 60b2e0-60b2fd call 624ca0 2030->2035 2036 60b0b7-60b0d5 call 6309e0 2030->2036 2035->1997 2041 60b303-60b312 2035->2041 2036->1987 2042 60b0db-60b0f8 call 624ca0 2036->2042 2041->1894 2042->1997 2045 60b619-60b628 2042->2045 2045->1894
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "-tails" must be used with either "-directory" or "-path"$/\:$?switches? name ?name ...?$\[]*?{}$bad argument to "-types": $creator$hidden$macintosh$no files matched glob pattern$only one MacOS type or creator argument to "-types" allowed$option$readonly$s "$type
                                          • API String ID: 0-3166004180
                                          • Opcode ID: 3847b11553e1a6a6e5d91dae805ca007700be0de30d943152ffb4bb836fbf04e
                                          • Instruction ID: 38e4d48b588f49e9eb0959d9a1f3ceda4d95aa408d04c07f03b9984755fc285b
                                          • Opcode Fuzzy Hash: 3847b11553e1a6a6e5d91dae805ca007700be0de30d943152ffb4bb836fbf04e
                                          • Instruction Fuzzy Hash: 6222E032358B8086EB68DF26E8153AB6762F785BC8F549119EF4A07B98DF7DC445CB00
                                          Function 004E8470 Relevance: 30.1, APIs: 5, Strings: 12, Instructions: 364COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2046 4e8470-4e84a9 call 64b340 2049 4e8a5f-4e8a64 abort 2046->2049 2050 4e84af-4e850c call 4e4180 2046->2050 2057 4e8512-4e8534 2050->2057 2058 4e88d0-4e88d4 2050->2058 2068 4e853a-4e8609 2057->2068 2069 4e8971-4e898a 2057->2069 2059 4e8928-4e892c 2058->2059 2060 4e88d6-4e88eb 2058->2060 2059->2057 2061 4e8932 2059->2061 2062 4e88ed-4e88f4 2060->2062 2063 4e8936-4e893b 2060->2063 2061->2063 2062->2063 2067 4e88f6-4e8923 2062->2067 2065 4e89e7-4e89eb 2063->2065 2066 4e8941-4e896c 2063->2066 2065->2057 2070 4e89f1-4e89fd strlen 2065->2070 2066->2057 2067->2057 2104 4e860b-4e861c 2068->2104 2105 4e8679-4e86b0 GetStdHandle 2068->2105 2081 4e8990-4e89a7 2069->2081 2070->2057 2072 4e8a03-4e8a1f 2070->2072 2072->2057 2076 4e8a25-4e8a2c 2072->2076 2076->2057 2080 4e8a32-4e8a5a 2076->2080 2080->2057 2088 4e89a9-4e89b7 2081->2088 2089 4e89c5-4e89d2 2081->2089 2088->2089 2090 4e875b-4e876c 2089->2090 2091 4e89d8-4e89e2 call 4e80b0 2089->2091 2097 4e876e-4e8771 2090->2097 2098 4e877a-4e87a8 call 4e5bd0 2090->2098 2091->2090 2097->2098 2109 4e87ad-4e87f2 2098->2109 2107 4e8620-4e8677 2104->2107 2112 4e86b6-4e86dc 2105->2112 2113 4e87f3-4e8801 GetFileType 2105->2113 2107->2105 2116 4e86de 2112->2116 2117 4e86e5-4e8703 call 4e3000 2112->2117 2113->2112 2114 4e8807-4e880f GetFileType 2113->2114 2114->2112 2119 4e8815-4e883b 2114->2119 2116->2117 2126 4e8709-4e8724 2117->2126 2127 4e8850-4e886b call 504710 2117->2127 2119->2116 2121 4e8841 2119->2121 2121->2117 2126->2081 2132 4e872a-4e873e call 620ff0 2126->2132 2136 4e8870-4e88c5 call 504710 2127->2136 2137 4e8744-4e8746 2132->2137 2136->2058 2137->2136 2138 4e874c-4e8751 2137->2138 2138->2090
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: FileType$Handleabort
                                          • String ID: -encoding$-file$8.5$Application initialization failed$Error in startup script$P%z$`%z$argc$argv$argv0$errorInfo$tcl_interactive
                                          • API String ID: 1131167754-925753026
                                          • Opcode ID: 73b1eedc74f6cf6620e012de82e4d7fd401a78b33ae277cb2ca6751c743a6bd4
                                          • Instruction ID: bfd3045f245e0cda4724fa18de782348a34a4d7f6b88f36debf36a5c2fcf70db
                                          • Opcode Fuzzy Hash: 73b1eedc74f6cf6620e012de82e4d7fd401a78b33ae277cb2ca6751c743a6bd4
                                          • Instruction Fuzzy Hash: 8DE16776704A8882DF449B26D8583AE2BA1FB89FD5F49812ADE0E537A4DF3CC449C701
                                          Function 0066A450 Relevance: 29.9, APIs: 3, Strings: 14, Instructions: 149COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2147 66a450-66a4d3 call 655b40 call 659c50 GetVersionExA GetSystemInfo call 659d50 2153 66a4d8-66a4e2 2147->2153 2154 66a5d0-66a5f9 call 659d50 2153->2154 2155 66a4e8-66a537 wsprintfA call 659d50 2153->2155 2160 66a600-66a629 call 659d50 2154->2160 2155->2160 2161 66a53d-66a56c call 654e20 call 659ab0 2155->2161 2160->2161 2168 66a572-66a58c call 654e20 call 5f9e60 2161->2168 2169 66a680-66a69f call 659ab0 2161->2169 2180 66a592-66a5cc call 659d50 call 654f90 2168->2180 2181 66a630-66a653 2168->2181 2175 66a6b2-66a6d1 call 659ab0 2169->2175 2176 66a6a1-66a6ad call 654e40 2169->2176 2184 66a6e4-66a6f7 2175->2184 2185 66a6d3-66a6df call 654e40 2175->2185 2176->2175 2181->2180 2192 66a659-66a679 call 661130 2181->2192 2187 66a720-66a738 call 659d50 2184->2187 2188 66a6f9-66a717 call 659d50 2184->2188 2185->2184 2197 66a73d 2187->2197 2188->2187 2192->2180 2197->2197
                                          APIs
                                            • Part of subcall function 00655B40: memcpy.MSVCRT ref: 00655C25
                                          • GetVersionExA.KERNEL32 ref: 0066A4A2
                                          • GetSystemInfo.KERNEL32 ref: 0066A4AD
                                          • wsprintfA.USER32 ref: 0066A507
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: InfoSystemVersionmemcpywsprintf
                                          • String ID: %d.%d$HOME$HOMEDRIVE$HOMEPATH$USERNAME$c:\$env$machine$osVersion$platform$tclDefaultLibrary$tcl_platform$user$windows
                                          • API String ID: 557029762-3100402667
                                          • Opcode ID: 54045bbff3a979603d2ee656f4b7c50ac88b7bed087d0e3a9b6e8225db5b6ab5
                                          • Instruction ID: 38b0e019dd85a5fa2993b100b36ca4bfcacf460f79feeac1095b018f3ce16f37
                                          • Opcode Fuzzy Hash: 54045bbff3a979603d2ee656f4b7c50ac88b7bed087d0e3a9b6e8225db5b6ab5
                                          • Instruction Fuzzy Hash: C461BE71709A81D6EB20DF56E8043D92322F788B89FC84126ED4E57B64DF7ED60ACB10
                                          Function 00506E30 Relevance: 29.9, APIs: 8, Strings: 9, Instructions: 125COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2200 506e30-506e67 2202 506e69-506e77 2200->2202 2203 506e7f-506e87 2200->2203 2202->2203 2204 506ea0-506eb9 2203->2204 2205 506e89-506e9c 2203->2205 2207 506f98-506fa9 2204->2207 2208 506ebf-506ed1 2204->2208 2217 506fb0-506fbe 2207->2217 2209 506fd0-506fe3 LoadLibraryA 2208->2209 2210 506ed7-506edf 2208->2210 2209->2210 2214 506fe9-507009 GetProcAddress FreeLibrary 2209->2214 2212 507010-507023 LoadLibraryA 2210->2212 2213 506ee5-506f43 call 50f8d0 2210->2213 2212->2213 2216 507029-507049 GetProcAddress FreeLibrary 2212->2216 2222 507050-507065 call 50f8d0 LoadIconA 2213->2222 2223 506f49-506f5e call 5065f0 2213->2223 2214->2210 2216->2213 2221 506f8b-506f8f 2217->2221 2221->2207 2228 506fc0 2223->2228 2229 506f60-506f89 LoadCursorA 2223->2229 2228->2209 2229->2217 2229->2221
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: SHGetFileInfo$SetLayeredWindowAttributes$TkTopLevel$Unable to register TkTopLevel class$X%z$`%z$pMz$shell32$user32
                                          • API String ID: 0-1294323502
                                          • Opcode ID: 007e4065d176fc4f7438a188868a7faa807ca99a517219beab98234ac85174fa
                                          • Instruction ID: 9636054b7b25a46ffc789ebaf268b8a0c0d1fc6771d44020f21990b86a567d96
                                          • Opcode Fuzzy Hash: 007e4065d176fc4f7438a188868a7faa807ca99a517219beab98234ac85174fa
                                          • Instruction Fuzzy Hash: 95514636B09B4586EB18CB15F9583AE37A4F789B84F844129DE0E477A4EF3CE949C341
                                          Function 00668D20 Relevance: 28.7, APIs: 19, Instructions: 207COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2267 668d20-668d52 call 622860 GetFileAttributesW 2270 668f6c-668f79 GetLastError call 665090 2267->2270 2271 668d58-668d5a 2267->2271 2275 668e92-668ea7 2270->2275 2272 668e90 2271->2272 2273 668d60-668d67 2271->2273 2272->2275 2276 668d75-668d7c 2273->2276 2277 668d69-668d6f 2273->2277 2280 668d87-668d94 2276->2280 2281 668d7e-668d81 2276->2281 2277->2276 2279 668ec0-668ecf call 620530 2277->2279 2279->2275 2280->2272 2284 668d9a-668e17 GetFileSecurityW GetLastError 2280->2284 2281->2280 2283 668eb0-668eba call 6678d0 2281->2283 2283->2279 2283->2280 2287 668ed1-668ef8 HeapAlloc 2284->2287 2288 668e1d-668e29 call 665090 2284->2288 2293 668f60-668f6a GetLastError call 665090 2287->2293 2294 668efa-668f1a GetFileSecurityW 2287->2294 2288->2275 2302 668f3f-668f4f 2293->2302 2296 668e30-668e48 GetSecurityDescriptorOwner 2294->2296 2297 668f20-668f39 GetLastError call 665090 HeapFree 2294->2297 2299 668e73-668e88 HeapFree 2296->2299 2300 668e4a-668e6d GetSidIdentifierAuthority memcmp 2296->2300 2297->2302 2299->2272 2300->2299 2303 668f7e-668f8e ImpersonateSelf 2300->2303 2302->2275 2305 668f55-668f5b CloseHandle 2302->2305 2303->2297 2306 668f90-668fb7 GetCurrentThread 2303->2306 2305->2275 2306->2297 2310 668fbd-66905a RevertToSelf 2306->2310 2311 669068-66906a 2310->2311 2311->2297 2312 669070-66909a HeapFree CloseHandle 2311->2312 2312->2275 2314 6690a0 2312->2314 2314->2314
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ErrorFileLast$AttributesSecurity
                                          • String ID:
                                          • API String ID: 3781014438-0
                                          • Opcode ID: 976eba7ad5b8554b800adcb4d49d1f839a2f09ab6b79133ebc872e95f0eba092
                                          • Instruction ID: bb37087c208b773cac2a5eca4e8a50d31b5e9705bec9323e42f9f3cca467b469
                                          • Opcode Fuzzy Hash: 976eba7ad5b8554b800adcb4d49d1f839a2f09ab6b79133ebc872e95f0eba092
                                          • Instruction Fuzzy Hash: 27819232308B848AEB249B7AF85479EB7A2F789B84F448125DE9D47B55DF7DC408CB40
                                          Function 006085B0 Relevance: 25.1, APIs: 11, Strings: 3, Instructions: 586stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strchrstrpbrk
                                          • String ID: *[]?\$unmatched close-brace in file name$unmatched open-brace in file name
                                          • API String ID: 2473732075-1130589418
                                          • Opcode ID: 896f8861e20d61b45f3996928b0c7fd8140bd547097f583de11203c1da97866b
                                          • Instruction ID: 2ab8f1f18ff02ee65cc217bdc53f326042ebc202e236bafa435f730af15e4be1
                                          • Opcode Fuzzy Hash: 896f8861e20d61b45f3996928b0c7fd8140bd547097f583de11203c1da97866b
                                          • Instruction Fuzzy Hash: 7732B032249B8089DB68DF26E4407AB77A2F785BC8F548119EEC947B99DF3DC445CB40
                                          Function 005999B0 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 333COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: DataFont$Text$Face$Charsetmemset
                                          • String ID: `%z$pamc$pamc$unicode
                                          • API String ID: 1388309208-1237216198
                                          • Opcode ID: ed7901342652f9031945f24a348a74936d6a67480675f635cdec8c4b22b56694
                                          • Instruction ID: b834bea64deb7dd08505b565957a56b5bed86827cd5629a52744e4e96d709de9
                                          • Opcode Fuzzy Hash: ed7901342652f9031945f24a348a74936d6a67480675f635cdec8c4b22b56694
                                          • Instruction Fuzzy Hash: F6E1717621879086DB24CF2AE84476EBBF5F788B84F544119EF8947B68DB3DC845CB00
                                          Function 00670D61 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 124COMMON
                                          Download Yara Rule
                                          APIs
                                          • _ftime64.MSVCRT ref: 00670D8A
                                          • EnterCriticalSection.KERNEL32 ref: 00670DD5
                                          • QueryPerformanceCounter.KERNEL32 ref: 00670DDE
                                          • LeaveCriticalSection.KERNEL32 ref: 00670E9A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: CriticalSection$CounterEnterLeavePerformanceQuery_ftime64
                                          • String ID: gfffffff
                                          • API String ID: 3205125132-1523873471
                                          • Opcode ID: b0e7bd1951ebfb87b7604e657bdb5e2d86c06d995bf97b384978659dd588d8cb
                                          • Instruction ID: c525b4dac6eccc78ed4a96cecaaf6aa2ca8bcc83af776c6cbdcc236dbef9a181
                                          • Opcode Fuzzy Hash: b0e7bd1951ebfb87b7604e657bdb5e2d86c06d995bf97b384978659dd588d8cb
                                          • Instruction Fuzzy Hash: 4E518B71B19A40D6FB18CF66FC5479D63A5F7CAB80F50812AE90E867A0DA3CE605C702
                                          Function 005DFAC0 Relevance: 22.6, APIs: 8, Strings: 6, Instructions: 1638COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcmp
                                          • String ID: -exact$-glob$-nocase$-regexp$default$unknown switch mode: %d
                                          • API String ID: 1475443563-65996839
                                          • Opcode ID: 199ac5fff61d8057c47364aad531e306141edc87ab3aea81a67d7971587e6e98
                                          • Instruction ID: be9907dbba79fa2ec4073f73734b7f9638bb56271ccd3f08f62ea85d4b7ebcad
                                          • Opcode Fuzzy Hash: 199ac5fff61d8057c47364aad531e306141edc87ab3aea81a67d7971587e6e98
                                          • Instruction Fuzzy Hash: CDF2A272204BC5C6DB64CF2AD488B9E7BA9F784B80F968516DB8D87764DF78D484CB00
                                          Function 004E11B0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 188sleepCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterInfoSleepStartupUnhandled
                                          • String ID: 0?z$zz
                                          • API String ID: 2839300629-132331319
                                          • Opcode ID: 83122d605b9625d19f7bb58ce0e0f94103e08d6b209ef30ec34a1e7d3bb5cc04
                                          • Instruction ID: e12f5dc3e52262fbb702c2ea531bd90f4cd01cad7bbb1a9c5ee57929703188c4
                                          • Opcode Fuzzy Hash: 83122d605b9625d19f7bb58ce0e0f94103e08d6b209ef30ec34a1e7d3bb5cc04
                                          • Instruction Fuzzy Hash: 7A719D75B15AC486EB208F17E85076A33A2BB86BC5F84801ADE0E87771DF3DE841C719
                                          Function 00506900 Relevance: 16.8, APIs: 11, Instructions: 290windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: AdjustIconicRectWindowZoomed
                                          • String ID:
                                          • API String ID: 2101886608-0
                                          • Opcode ID: d86dcb834dfcf6bd36423d089655cda0d3a805d05591de5d58b8602e775e0b87
                                          • Instruction ID: ddddcb58baf2119f68975b34f9101f05ef958d6bf90d5f4831f2229f59616785
                                          • Opcode Fuzzy Hash: d86dcb834dfcf6bd36423d089655cda0d3a805d05591de5d58b8602e775e0b87
                                          • Instruction Fuzzy Hash: 60C1CF333112A1CBD7208F29C848F9E7BA5F785784F569115EE69A7B84FB38DC518B40
                                          Function 00530640 Relevance: 16.2, APIs: 2, Strings: 7, Instructions: 435COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: " doesn't exist$`%z$failed to allocate font due to $font "$gfff$internal system font engine problem$unknown font style "
                                          • API String ID: 0-3119757937
                                          • Opcode ID: 96649901f5df701c2a4c51c2edb4ac33706d041eabf6ed827b3c1c1fe8a3935c
                                          • Instruction ID: 12bcf2ffd6205ec7f0769b30bd10c1f1058f5f113fc2655f32b921410c1e75b4
                                          • Opcode Fuzzy Hash: 96649901f5df701c2a4c51c2edb4ac33706d041eabf6ed827b3c1c1fe8a3935c
                                          • Instruction Fuzzy Hash: D702A072204B8986DB14DF16E46876FBBA5F788BC4F059126EE8E47B94EF38D444CB40
                                          Function 0066B200 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 119windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: MessagePeek$EventMultipleObjectsResetWait
                                          • String ID: @2z
                                          • API String ID: 2091726164-3531315329
                                          • Opcode ID: d7cb901d96cf4d8b85249c35ba0f103dc5b162baf7fc12bcc1cb7b7db70a29f5
                                          • Instruction ID: 032eb4f7285f09abec86b42c0191cf3c96399eafa4c3f509ebbabd32eebb39ff
                                          • Opcode Fuzzy Hash: d7cb901d96cf4d8b85249c35ba0f103dc5b162baf7fc12bcc1cb7b7db70a29f5
                                          • Instruction Fuzzy Hash: BD41D432724A44C6E7648B26ED91B6E7352F7C9B94F446226EE1E87BA4CF3CD845C700
                                          Function 005EB270 Relevance: 13.9, APIs: 3, Strings: 6, Instructions: 406COMMON
                                          Download Yara Rule
                                          Strings
                                          • EncodeCmdLocMap: bad code length, xrefs: 005EB811
                                          • EncodeCmdLocMap: bad source length, xrefs: 005EB822
                                          • EncodeCmdLocMap: bad code offset, xrefs: 005EB800
                                          • GetCmdLocEncodingSize: bad code length, xrefs: 005EB3A0
                                          • GetCmdLocEncodingSize: bad code offset, xrefs: 005EB3C0
                                          • GetCmdLocEncodingSize: bad source length, xrefs: 005EB3E0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: EncodeCmdLocMap: bad code length$EncodeCmdLocMap: bad code offset$EncodeCmdLocMap: bad source length$GetCmdLocEncodingSize: bad code length$GetCmdLocEncodingSize: bad code offset$GetCmdLocEncodingSize: bad source length
                                          • API String ID: 0-2222437895
                                          • Opcode ID: df873c028e4bba56752b7ce5b004bc24b92f436b8a377e404bde3b9e964028d9
                                          • Instruction ID: 07948439dc6d13e7a44851712e8de3930b7b883e2e15363e762bd80c31d60c3a
                                          • Opcode Fuzzy Hash: df873c028e4bba56752b7ce5b004bc24b92f436b8a377e404bde3b9e964028d9
                                          • Instruction Fuzzy Hash: 0BF1EF73B057C086EB54CF2AE88479F7BA9F784B84F56822ADB9887749EB34C440C740
                                          Function 00613EC0 Relevance: 12.7, APIs: 2, Strings: 6, Instructions: 661COMMON
                                          Download Yara Rule
                                          Strings
                                          • TclGetsObjBinary: restore reached with bufPtr==NULL, xrefs: 00614A00
                                          • @!z, xrefs: 00613EC9
                                          • Tcl_GetsObj: restore reached with bufPtr==NULL, xrefs: 00614918
                                          • attempted gets on binary channel where no iso8859-1 encoding available, xrefs: 00614652
                                          • iso8859-1, xrefs: 00614623
                                          • Tcl_GetsObj: gotEOL reached with bufPtr==NULL, xrefs: 00614678
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @!z$TclGetsObjBinary: restore reached with bufPtr==NULL$Tcl_GetsObj: gotEOL reached with bufPtr==NULL$Tcl_GetsObj: restore reached with bufPtr==NULL$attempted gets on binary channel where no iso8859-1 encoding available$iso8859-1
                                          • API String ID: 0-3940791143
                                          • Opcode ID: 86a0a80fa46c149341322b3517ddf3b0eedbc88db2dbe8b3d3f820a224507abb
                                          • Instruction ID: 0552a2712ac9689b1bce24def99c2d61a76a276d9db2e8cfaa9d784642cabfe5
                                          • Opcode Fuzzy Hash: 86a0a80fa46c149341322b3517ddf3b0eedbc88db2dbe8b3d3f820a224507abb
                                          • Instruction Fuzzy Hash: 24428B767096D086DB60CF26E4447EEB7A2F785B94F198126DF8987B58DF38C881CB01
                                          Function 006679F0 Relevance: 12.3, APIs: 8, Instructions: 317stringfileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Handle$CloseFilestrchr$CreateInformation
                                          • String ID:
                                          • API String ID: 1583072716-0
                                          • Opcode ID: 5c5a12483dadda3266407efda84dd4e121ddb954fac02e47157c7e8617d4a18c
                                          • Instruction ID: f43d3936d0fdd6bb0b2eb6f8297957a9a75ce4bf86325045b49ace028cada767
                                          • Opcode Fuzzy Hash: 5c5a12483dadda3266407efda84dd4e121ddb954fac02e47157c7e8617d4a18c
                                          • Instruction Fuzzy Hash: F7C1F3B27197C486D730CBA5B848B9AB3A6E789BD4F109115DFA907B98DF3CD501CB40
                                          Function 00543810 Relevance: 11.8, Strings: 9, Instructions: 507COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: -data$-format$-translation$`%z$binary$can't get image from a file in a safe interpreter$not enough free memory for image buffer$value for "-data" missing$value for "-format" missing
                                          • API String ID: 0-3492253877
                                          • Opcode ID: 7e4af927c043d39467fe61228c96906abe6839b5b2982ff972906e4c8e7d595e
                                          • Instruction ID: f47352191ea5ca5ad27b5edfa0a1f62af87120da039dad1a3f65f0b60dcad482
                                          • Opcode Fuzzy Hash: 7e4af927c043d39467fe61228c96906abe6839b5b2982ff972906e4c8e7d595e
                                          • Instruction Fuzzy Hash: 16321936608B8486DB64DF2AE4947DA7BA0F798B88F154116DFCD47B28DF79C584CB00
                                          Function 006337F0 Relevance: 11.1, APIs: 3, Strings: 4, Instructions: 614COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • extra characters after close-quote, xrefs: 006341DB
                                          • max # of tokens for a Tcl parse (%d) exceeded, xrefs: 00633E3E, 00633FC7
                                          • extra characters after close-brace, xrefs: 00633EB1
                                          • can't parse a NULL pointer, xrefs: 00633835
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: can't parse a NULL pointer$extra characters after close-brace$extra characters after close-quote$max # of tokens for a Tcl parse (%d) exceeded
                                          • API String ID: 3510742995-3985434525
                                          • Opcode ID: cd60ffd5f7e7ebdfc3d1e05116e0a4abc9ec66081e1536bbdfdb19388143cea0
                                          • Instruction ID: 3d0cf5a4e54bd68337affa1855c4c3a39d082a1177b87bbfa097f2ea03e0e62a
                                          • Opcode Fuzzy Hash: cd60ffd5f7e7ebdfc3d1e05116e0a4abc9ec66081e1536bbdfdb19388143cea0
                                          • Instruction Fuzzy Hash: CD42B172204BD48ADB20CF25E4847DEBBE6F788788F54411AEF8947B18DB79D645CB80
                                          Function 005C35D0 Relevance: 10.8, APIs: 3, Strings: 4, Instructions: 315COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • ("foreach" body line %d), xrefs: 005C3ACD
                                          • (setting foreach loop variable "%s"), xrefs: 005C3A82
                                          • foreach varlist is empty, xrefs: 005C38C0
                                          • varList list ?varList list ...? command, xrefs: 005C35FD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memset
                                          • String ID: ("foreach" body line %d)$ (setting foreach loop variable "%s")$foreach varlist is empty$varList list ?varList list ...? command
                                          • API String ID: 2221118986-1385973492
                                          • Opcode ID: 95ad1c9f9a4b0409f3862bb1e119c46d9dce5127879eadd995aa40424bd9d287
                                          • Instruction ID: f398049d10852e0b06c6880ec2324ed23bf214c4e1719d3f3b5fec1257d8bb71
                                          • Opcode Fuzzy Hash: 95ad1c9f9a4b0409f3862bb1e119c46d9dce5127879eadd995aa40424bd9d287
                                          • Instruction Fuzzy Hash: DBC19376605B888ADB50DF96E441B5EBBA1F784BC0F14851AEF8E47B18DF38D544CB40
                                          Function 00569090 Relevance: 10.7, APIs: 1, Strings: 6, Instructions: 244COMMON
                                          Download Yara Rule
                                          APIs
                                          • memset.MSVCRT ref: 0056910C
                                            • Part of subcall function 005120C0: strlen.MSVCRT ref: 005120DC
                                            • Part of subcall function 005120C0: sprintf.MSVCRT ref: 0051211E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memsetsprintfstrlen
                                          • String ID: Text$`%z$current$flat$insert$sel
                                          • API String ID: 3751479073-2811363441
                                          • Opcode ID: 5e2b1f57994b982bfdb7eb4444c539a192ed3397592b692de885fccb230ad75c
                                          • Instruction ID: cde5ec14627ef5dba41ae37f56fe4e88c8b74757ce0bc72f5c83cb03d3c3b3c8
                                          • Opcode Fuzzy Hash: 5e2b1f57994b982bfdb7eb4444c539a192ed3397592b692de885fccb230ad75c
                                          • Instruction Fuzzy Hash: 9BB175B2200B8486EB50DF26E89879A3BA5F788F98F498136DF4D4B358DF39C585C740
                                          Function 006766E0 Relevance: 10.7, Strings: 8, Instructions: 666COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ($($($b$b$b$b$d
                                          • API String ID: 0-2140089237
                                          • Opcode ID: 6f1c96a86767caba0b2663ba3645421a16cae741db07801b979d241ba9bed2ef
                                          • Instruction ID: 90fd39e52ce7a91d000b355c2978383fd21b4573a9281e8b30d213dd7d73a5f3
                                          • Opcode Fuzzy Hash: 6f1c96a86767caba0b2663ba3645421a16cae741db07801b979d241ba9bed2ef
                                          • Instruction Fuzzy Hash: CD528F37228B9086C764CF26E44075EB7A2F789BD4F149129FF8E47B18DB79D9908B40
                                          Function 005EBA90 Relevance: 10.1, APIs: 2, Strings: 4, Instructions: 1115stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • EnterCmdStartData: bad command index %d, xrefs: 005EBD0C
                                          • EnterCmdExtentData: bad command index %d, xrefs: 005EC55C
                                          • EnterCmdStartData: cmd map not sorted by code offset, xrefs: 005EBD5A
                                          • EnterCmdExtentData: missing start data for command %d, xrefs: 005EC576
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strlen
                                          • String ID: EnterCmdExtentData: bad command index %d$EnterCmdExtentData: missing start data for command %d$EnterCmdStartData: bad command index %d$EnterCmdStartData: cmd map not sorted by code offset
                                          • API String ID: 39653677-2930768402
                                          • Opcode ID: 80ebf22ea966860f1d7dcc39fa4525bfc90a81226f96e9b91abacd5e2c1ad237
                                          • Instruction ID: a0faa7e0a2619dd834c8c391e46e406d783e2977744760e95822dfe494d3bf5d
                                          • Opcode Fuzzy Hash: 80ebf22ea966860f1d7dcc39fa4525bfc90a81226f96e9b91abacd5e2c1ad237
                                          • Instruction Fuzzy Hash: 73B23B72204BC586DB58CF2AD488B9E7FA9F784BC0F958526DB8D87725DB38C445DB00
                                          Function 006692F0 Relevance: 9.5, APIs: 6, Instructions: 452fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Find$CloseFileFirstwcslen
                                          • String ID:
                                          • API String ID: 3966910966-0
                                          • Opcode ID: f4bac416ebfb1a85b7cc7fa3d43cfab0dd8853760ad71596e821ca03c5c03c00
                                          • Instruction ID: f7e23207a75bbc2280b37917e5ffea65b77060196418c4f7a218b9b1c585ed4c
                                          • Opcode Fuzzy Hash: f4bac416ebfb1a85b7cc7fa3d43cfab0dd8853760ad71596e821ca03c5c03c00
                                          • Instruction Fuzzy Hash: ADF1F472318AC089CB609F22E4553AA67A7F786BD8F48411AEE8E4B749DF3DC445C714
                                          Function 00683D40 Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 314COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: Q?$invalid block type
                                          • API String ID: 3510742995-580378122
                                          • Opcode ID: fd664bcba4a8ac7fa470548defff6228dd376ff799db81fa707ecb0e139448c4
                                          • Instruction ID: 15b7eac92fa973988125297c155e1136a476962d35fe35f0718879f4316af7f9
                                          • Opcode Fuzzy Hash: fd664bcba4a8ac7fa470548defff6228dd376ff799db81fa707ecb0e139448c4
                                          • Instruction Fuzzy Hash: 9CC103B37146618FD764DF29D48476D7BA6F784B88F10822AEB1A87B48DB39C944CF40
                                          Function 005D7D50 Relevance: 5.5, Strings: 4, Instructions: 492COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TclCompileIfCmd: unexpected opcode "%d" updating ifFalse jump$else$elseif$then
                                          • API String ID: 0-2424002538
                                          • Opcode ID: 0e5a180de54876f779fc56628427659d23295c17fa08501d1eb24e7d56859c61
                                          • Instruction ID: c8d83f1412f61fa9dfd9f95f09d0f47895e29e4d20a4655021d4064d2bac691c
                                          • Opcode Fuzzy Hash: 0e5a180de54876f779fc56628427659d23295c17fa08501d1eb24e7d56859c61
                                          • Instruction Fuzzy Hash: 15226D76618A81C6DB34CF29D48876E7BA2F388B88F548527DB4E47718DF38D985CB40
                                          Function 005402D0 Relevance: 5.0, APIs: 1, Strings: 2, Instructions: 531COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sscanf
                                          • String ID: %d/%d/%d$`%z
                                          • API String ID: 3173990253-72943932
                                          • Opcode ID: a2dc67066753ebd379ddb9c0198c577304eb741d7f67edcaa6b5bc63b8889c74
                                          • Instruction ID: fd5174abb65c179c99036b7e499771bb9fdca8a315fbe883db6849ea93328ef6
                                          • Opcode Fuzzy Hash: a2dc67066753ebd379ddb9c0198c577304eb741d7f67edcaa6b5bc63b8889c74
                                          • Instruction Fuzzy Hash: F14276736086D5CBD770CB29E48079EBBA5F788788F159226DB8983B58DB38E455CF00
                                          Function 00618DA0 Relevance: 4.3, Strings: 3, Instructions: 534COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ": $error reading "$error writing "
                                          • API String ID: 0-996114470
                                          • Opcode ID: 2d334161d82d56d1ca6e529985fe17c20abc8f1919241a1fca2e8fb46ac02b64
                                          • Instruction ID: 4843690c3d758118daec74806699eaa1d801b35c47695c69d135633ef44f52be
                                          • Opcode Fuzzy Hash: 2d334161d82d56d1ca6e529985fe17c20abc8f1919241a1fca2e8fb46ac02b64
                                          • Instruction Fuzzy Hash: 1622C272215B808AEBA4DF26D5643DA77A2F784BC4F08801AEE4E47B58DF7DC485CB50
                                          Function 005BB420 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 725stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strlen
                                          • String ID: (expanding word %d)
                                          • API String ID: 39653677-2257676180
                                          • Opcode ID: 22c7c4693d95d7926aa0d969ed9f1029503648c8782558e20d5b630a2bc8152c
                                          • Instruction ID: 47a7b32ac9db6c65b15f6406cbbee1e2a57d7fba7d35a268a99a81bbabcc3943
                                          • Opcode Fuzzy Hash: 22c7c4693d95d7926aa0d969ed9f1029503648c8782558e20d5b630a2bc8152c
                                          • Instruction Fuzzy Hash: 56626D72605B848AEB60CF1AE58439EBBA5F7C4B84F148515EF8D47B18DFB9E844CB40
                                          Function 005ECEC0 Relevance: 3.5, Strings: 2, Instructions: 976COMMON
                                          Download Yara Rule
                                          Strings
                                          • Unexpected token type in TclCompileTokens: %d; %.*s, xrefs: 005ED384
                                          • , xrefs: 005ED32D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $Unexpected token type in TclCompileTokens: %d; %.*s
                                          • API String ID: 0-4216142583
                                          • Opcode ID: c95685c520a4dfcf9f1e39b9df66097ff5c40fe81ad89748c64c4fb53bebf85b
                                          • Instruction ID: de18e2c14dbd05a51d2946fa0f7f3eccc0e5777fd50403a9fc7ea15c61494c90
                                          • Opcode Fuzzy Hash: c95685c520a4dfcf9f1e39b9df66097ff5c40fe81ad89748c64c4fb53bebf85b
                                          • Instruction Fuzzy Hash: 039270B3304682C6EB18CF3AD48476D7BB2F394B48F549525DB8A87359DB39D884CB60
                                          Function 00635EC0 Relevance: 3.1, Strings: 2, Instructions: 566COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 0 z$can't find objectstring representation
                                          • API String ID: 0-1249649878
                                          • Opcode ID: 134f48ae2c699c4d3aa9b4c35a8ab8fa7dbb5a61ca0ddee050f613ac6d361413
                                          • Instruction ID: 61e7d4c20a704394b34907a1e21bddb71da23d75e1643dd70de85b7cff5aea97
                                          • Opcode Fuzzy Hash: 134f48ae2c699c4d3aa9b4c35a8ab8fa7dbb5a61ca0ddee050f613ac6d361413
                                          • Instruction Fuzzy Hash: BA12262230569095DF28DF26D5567BA6BA3EB81BC4F49C029EE4A4B746DF39C844C7C0
                                          Function 00660AB0 Relevance: 3.0, APIs: 2, Instructions: 48COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: InfoQuerySystemVirtual
                                          • String ID:
                                          • API String ID: 401686933-0
                                          • Opcode ID: 8da59235bdb5597079d4da175f09e0e05769e4daa51251632bb50e8b29291911
                                          • Instruction ID: 7be412e5ae2e55e4d0a37ba1ada7f0842b3351a3aff9db344234a6affb79ebc1
                                          • Opcode Fuzzy Hash: 8da59235bdb5597079d4da175f09e0e05769e4daa51251632bb50e8b29291911
                                          • Instruction Fuzzy Hash: 20113032719B0485EF618F19E49035E7761F789B98F488135AA8D43764DF3DD595CB00
                                          Function 006347D0 Relevance: 2.8, Strings: 2, Instructions: 344COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $unexpected token type in TclSubstTokens: %d
                                          • API String ID: 0-3341726691
                                          • Opcode ID: fb791afd81a6f568848efdb305c626d372127b361e0a2244a70cc9de24a7efd4
                                          • Instruction ID: 7e5fdb722fa5a57cd6fce43e8e9a7aa8d863bcbfaefeacbece35360b2f71c489
                                          • Opcode Fuzzy Hash: fb791afd81a6f568848efdb305c626d372127b361e0a2244a70cc9de24a7efd4
                                          • Instruction Fuzzy Hash: 43D1EF323096818ADB60CF16E445BAFF7A2F7C4B98F555015EE8947B18DF38E845CB80
                                          Function 005DCAD0 Relevance: 1.8, Strings: 1, Instructions: 595COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: -options
                                          • API String ID: 0-1242074391
                                          • Opcode ID: 6128ad919fa9c3ec874563d3fef9ea82e236453420ba77e583c1c1b0791f1d24
                                          • Instruction ID: 9b7a82a903792c1458da749b68868c3fd5acc5e607714212e30b290adc791d16
                                          • Opcode Fuzzy Hash: 6128ad919fa9c3ec874563d3fef9ea82e236453420ba77e583c1c1b0791f1d24
                                          • Instruction Fuzzy Hash: 39424BB2204A46C6DB25CF2DD488B9E7FA6F384BC4F968127CA4D87324DB75D885C750
                                          Function 005DAC00 Relevance: .3, Instructions: 317COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad103385ca590215cb8a5ba439ed60cced02d1c609d1ec4970166906ef102025
                                          • Instruction ID: 0ce5a792c4018c90485be27469bb81ceecb40df6b7442587a9199a3241df53a9
                                          • Opcode Fuzzy Hash: ad103385ca590215cb8a5ba439ed60cced02d1c609d1ec4970166906ef102025
                                          • Instruction Fuzzy Hash: 44D168B7304A42C6EB20CF3DD48476E7BA6F398B48F548227DA4987358DB39C895CB41
                                          Function 0066AB20 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 146COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1346 66ab20-66ab45 1347 66ab67-66ab83 call 670440 1346->1347 1348 66ab47-66ab61 GetEnvironmentVariableW 1346->1348 1354 66ac20-66ac30 GetModuleHandleW 1347->1354 1355 66ab89-66aba4 call 6704b0 call 669bc0 1347->1355 1348->1347 1349 66ac10-66ac15 call 66c5e0 1348->1349 1356 66abf4-66ac07 1349->1356 1357 66ac36-66ac49 GetProcAddress 1354->1357 1358 66ad60 1354->1358 1369 66abc6-66abea GetTempFileNameW 1355->1369 1370 66aba6-66abc1 call 6309e0 call 659df0 1355->1370 1357->1358 1360 66ac4f-66ac7c GetTempPathW 1357->1360 1362 66ad70-66ad75 call 620530 1358->1362 1360->1362 1363 66ac82-66acc7 wcscpy GetCurrentProcessId 1360->1363 1368 66ad7a-66ada8 call 620550 call 644f60 call 640dd0 call 6704b0 1362->1368 1366 66aced-66ad09 wsprintfW CreateDirectoryW 1363->1366 1371 66acd0-66acd8 GetLastError 1366->1371 1372 66ad0b-66ad5a call 5bec10 wcscpy call 659df0 1366->1372 1375 66adb0-66adb7 call 665090 1368->1375 1369->1356 1373 66abec-66abef call 669bc0 1369->1373 1370->1369 1371->1375 1376 66acde-66ace7 1371->1376 1372->1358 1373->1356 1375->1368 1376->1366 1376->1375
                                          APIs
                                          • GetEnvironmentVariableW.KERNEL32 ref: 0066AB59
                                          • GetTempFileNameW.KERNEL32 ref: 0066ABDE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: EnvironmentFileNameTempVariable
                                          • String ID: %08x$10BITROCK_TEMP_FOLDER$::bitrock_dll_dir$::bitrock_tcl_is_using_only_s32_dll_path$AddDllDirectory$BRLXXXXXXXX$couldn't create temporary directory: %s$kernel32.dll
                                          • API String ID: 519535607-2396876941
                                          • Opcode ID: 9dacaea222f8fa68d94e510d36e82b5ad7326c725df8c56c3bc6be1d7cfb7bbe
                                          • Instruction ID: 124cf030a7a8dac4bd34d67592ce82f342fc100e5635e1ff945dab11cb6b7fc7
                                          • Opcode Fuzzy Hash: 9dacaea222f8fa68d94e510d36e82b5ad7326c725df8c56c3bc6be1d7cfb7bbe
                                          • Instruction Fuzzy Hash: DD51E231B08E4191EB54DF66FC543AA2362FBC5B84F84402AAD0E57365EF3CD549C751
                                          Function 0059AE00 Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 143COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1394 59ae00-59ae1a 1395 59b080 1394->1395 1396 59ae20-59ae5e SystemParametersInfoA 1394->1396 1397 59afb0-59afc7 call 59a210 1396->1397 1398 59ae64-59ae85 SystemParametersInfoA 1396->1398 1404 59afcc-59b054 call 59a210 * 6 1397->1404 1399 59ae8b-59af7b GetDC GetDeviceCaps MulDiv * 2 ReleaseDC call 59a210 1398->1399 1400 59b060-59b076 call 59a210 1398->1400 1409 59af80-59af95 GetStockObject call 59a1a0 1399->1409 1400->1395 1404->1400 1413 59af9a-59af9f 1409->1413 1413->1409 1415 59afa1-59afae 1413->1415
                                          APIs
                                          • SystemParametersInfoA.USER32 ref: 0059AE5A
                                          • SystemParametersInfoA.USER32 ref: 0059AE81
                                          • GetDC.USER32 ref: 0059AF01
                                          • GetDeviceCaps.GDI32 ref: 0059AF12
                                          • MulDiv.KERNEL32 ref: 0059AF31
                                          • MulDiv.KERNEL32 ref: 0059AF43
                                          • GetStockObject.GDI32 ref: 0059AF86
                                          • ReleaseDC.USER32 ref: 0059AF57
                                            • Part of subcall function 0059A210: CreateFontIndirectA.GDI32 ref: 0059A225
                                            • Part of subcall function 0059A210: DeleteObject.GDI32 ref: 0059A246
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: InfoObjectParametersSystem$CapsCreateDeleteDeviceFontIndirectReleaseStock
                                          • String ID: 1$L$TkCaptionFont$TkDefaultFont$TkFixedFont$TkHeadingFont$TkIconFont$TkMenuFont$TkSmallCaptionFont$TkTextFont$TkTooltipFont
                                          • API String ID: 3648341535-2531317794
                                          • Opcode ID: c7456e5c9e866fa12a1864bd565748fd62cd8bda6d74534324a4af90b17a2d69
                                          • Instruction ID: ee1c86dc4e5b4cb8df3084afb215f19f545829273ec27414da65c0951243940c
                                          • Opcode Fuzzy Hash: c7456e5c9e866fa12a1864bd565748fd62cd8bda6d74534324a4af90b17a2d69
                                          • Instruction Fuzzy Hash: 1B51927271868485EB50DF61E8187CEBB61F389BC8F484426EE490B798DF7DC509CB62
                                          Function 0050B600 Relevance: 32.1, APIs: 12, Strings: 6, Instructions: 569windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Window$ClientMessageMovePlacementRectSendShowVisible
                                          • String ID: *$,$WM_PROTOCOLS$WM_SAVE_YOURSELF$`%z$pMz
                                          • API String ID: 30108072-3760838375
                                          • Opcode ID: 0b2258bedca64bed5ab0d00808a469bb3fc8c5f6454cbf84f56e287dee081ffd
                                          • Instruction ID: 8f4ba21fa6e254a5b698237598e30a01d683ceeaa443964740e23102789a68be
                                          • Opcode Fuzzy Hash: 0b2258bedca64bed5ab0d00808a469bb3fc8c5f6454cbf84f56e287dee081ffd
                                          • Instruction Fuzzy Hash: 5C325F72604685CBEB74CF25E4847AE7BA1F7C8B44F144526DB8A47BA8DB38D844CB41
                                          Function 00586070 Relevance: 29.9, APIs: 2, Strings: 15, Instructions: 109windowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2231 586070-5860a4 call 4f5030 call 4f4d30 2236 58624a-586252 2231->2236 2237 5860aa-5861b4 call 4f5ef0 * 7 CreateBitmap CreatePatternBrush call 4f4cd0 2231->2237 2254 5861b9-5861fc call 4f5ef0 * 2 2237->2254 2259 58621e-586248 call 4ee780 2254->2259 2260 5861fe 2254->2260 2259->2236 2261 586200-58621c call 4f5ef0 2260->2261 2261->2259
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Create$BitmapBrushPattern
                                          • String ID: 8.5$Button.border$Combobox.focus$Scrollbar.trough$`%z$alt$border$client$field$focus$slider$thumb$ttk::theme::winnative$w>t$winnative
                                          • API String ID: 3280665104-2452501902
                                          • Opcode ID: 3cef17cf7ed998bf3fb6ec547fc61d8e429107c353dd9ec2ada1d679336f11d4
                                          • Instruction ID: 1569b604c0c176a2f009f124da3be7cad6b25ce02f64d334449c1ea3c8c7b402
                                          • Opcode Fuzzy Hash: 3cef17cf7ed998bf3fb6ec547fc61d8e429107c353dd9ec2ada1d679336f11d4
                                          • Instruction Fuzzy Hash: CE412E70B04A9A90FF04AB56FD517E92B66FB84BC8F8150279E0E17B25DF6DD609C340
                                          Function 00503090 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 184windowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2315 503090-5030d9 call 5023c0 2317 5030de-50310a SetROP2 CreateCompatibleDC 2315->2317 2318 5032d0-5032de 2317->2318 2319 503110-503120 2317->2319 2322 503390-5033b6 CreateBitmap 2318->2322 2323 5032e4-503326 call 548820 CreateBitmap 2318->2323 2320 5032a3-5032ae 2319->2320 2321 503126-50317d 2319->2321 2332 5032c0-5032c7 2320->2332 2321->2332 2333 503183-50318a 2321->2333 2324 50332c-503347 SetTextColor SetBkColor 2322->2324 2323->2324 2326 503203-503290 SelectObject BitBlt SelectObject DeleteObject DeleteDC call 502470 2324->2326 2327 50334d-503382 DeleteDC call 502470 2324->2327 2338 503292-5032a2 2326->2338 2327->2338 2336 5031cb-5031fd CreateDIBitmap 2332->2336 2333->2336 2337 50318c-50319c 2333->2337 2336->2326 2336->2327 2340 5031a1-5031c9 2337->2340 2340->2336 2340->2340
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: CreateObject$DeleteSelect$BitmapColorCompatible$ModeText
                                          • String ID: $Fail to allocate bitmap$`%z
                                          • API String ID: 883573663-2692805827
                                          • Opcode ID: 4bb575a604244f0044f844cedf2e5b028d95bbffcb5bdd7fbf6b17b16b7d9af4
                                          • Instruction ID: c9d49dc7d1c1f19d095fb41e86cc4267bfc069cde945982b37a8188c4adbc1bf
                                          • Opcode Fuzzy Hash: 4bb575a604244f0044f844cedf2e5b028d95bbffcb5bdd7fbf6b17b16b7d9af4
                                          • Instruction Fuzzy Hash: 5C714876709A808BDB64CF12E94879EBBA5F789B84F048125DE8E47B54DF3CE945CB00
                                          Function 0059D6C0 Relevance: 23.1, APIs: 6, Strings: 7, Instructions: 387windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Menu$CountItemRemove
                                          • String ID: (Image)$(Pixmap)$(Tear-of$.system$X%z$`%z$pMz
                                          • API String ID: 1046485675-1943456732
                                          • Opcode ID: 337409a2e1ca5959d910bf30cb39d045fb6cb598b8de3be5b303674ae4609795
                                          • Instruction ID: 24c8f71c21e305d0cdb96aa07103034d44447ec310f252e1134ebedb60a09a39
                                          • Opcode Fuzzy Hash: 337409a2e1ca5959d910bf30cb39d045fb6cb598b8de3be5b303674ae4609795
                                          • Instruction Fuzzy Hash: 0AF16636305B8486DB658F26E5487AA7BB4F789F84F048126DF4E07B68DF78C854CB50
                                          Function 0064D2C0 Relevance: 23.0, APIs: 2, Strings: 13, Instructions: 497COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcmp
                                          • String ID: " doesn't exist$": must be cancel, idle, info, or an integer$?id?$Tcl_AfterObjCmd: bad subcommand index to afterSubCmds$after#%d$bad argument "$event "$idle$id|command$option ?arg arg ...?$script script ...$tclAfter$timer
                                          • API String ID: 1475443563-1386175169
                                          • Opcode ID: ec3985fe3d2127a1411a5be4c66aaa8c306f2d564258c6ac36c565b40bcb4d6e
                                          • Instruction ID: 86f7c3da7bc734882fcd86f3b68618095d701856f46a087df6510730b3712de4
                                          • Opcode Fuzzy Hash: ec3985fe3d2127a1411a5be4c66aaa8c306f2d564258c6ac36c565b40bcb4d6e
                                          • Instruction Fuzzy Hash: 7812EF72B0474486CB58DF25E8453AEB3A7F785BD4F54812AEA4E4BB88EF38D845C740
                                          Function 0062B100 Relevance: 23.0, APIs: 1, Strings: 12, Instructions: 239stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strpbrk
                                          • String ID: " into itself$" tries to import from namespace "$*[?\$LOOKUP$NAMESPACE$TCL$auto_imp$auto_import$empty import pattern$import pattern "$no namespace specified in import pattern "$unknown namespace in import pattern "
                                          • API String ID: 3024680390-68870311
                                          • Opcode ID: b5da4173779c2843e10b035c0a343c303be76672557effc9eb8822ebf3c13311
                                          • Instruction ID: fe8017679f04c5f4c13a0f606e7b472c68f17e57906dcfb84e71cd0424aeeb37
                                          • Opcode Fuzzy Hash: b5da4173779c2843e10b035c0a343c303be76672557effc9eb8822ebf3c13311
                                          • Instruction Fuzzy Hash: 6EA19932209F9086DB54DF26F84039A77A2FB84B94F485126AE8C4B769EF3CD546CB44
                                          Function 004E35F0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 101libraryloaderwindowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: AddressMessageProc$BeepByteCharExitHandleModuleMultiProcessWidesetlocale
                                          • String ID: ...$Fatal Error in Installer$SetDefaultDllDirectories$SetDllDirectoryA$kernel32
                                          • API String ID: 254780494-377649564
                                          • Opcode ID: b8da6d751e6ab8f758e4d1a97c4c08ffc4350b066502232bfc109757cfd54054
                                          • Instruction ID: 5ed324a7356efd6e5c5311b184ae0b8d04419ad0c0c82f68a2563bcf142c841b
                                          • Opcode Fuzzy Hash: b8da6d751e6ab8f758e4d1a97c4c08ffc4350b066502232bfc109757cfd54054
                                          • Instruction Fuzzy Hash: AB41D0A1B18B8491EB259F26FC147A97761FB88BC1F84412ACE4D077A5DF3CC506C714
                                          Function 00585220 Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 89windowregistryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Window$Load$Icon$ClassCreateCursorLongRegisterShowUpdate
                                          • String ID: P$TtkMonit$TtkMonit$orClass$orWindow
                                          • API String ID: 1906826020-1619401100
                                          • Opcode ID: c16a52295aa9ca026671718ebd71ce9a1c1f19ec7167209d8318389780137645
                                          • Instruction ID: 24d7a476263193052d445e7db90bf73545dbab70c39b04b8f73ac6d77bddcba4
                                          • Opcode Fuzzy Hash: c16a52295aa9ca026671718ebd71ce9a1c1f19ec7167209d8318389780137645
                                          • Instruction Fuzzy Hash: 6141073220DB8185E7A09B51F85839FB6A1F785B84F148129DACD4BB98DF7DC149CB41
                                          Function 00678D10 Relevance: 21.5, APIs: 6, Strings: 6, Instructions: 536COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: __iob_func
                                          • String ID: ========= LA%d ==========$========= RAW ==========$========= SEARCH ==========$========= TREE FIXED ==========$h$p7g
                                          • API String ID: 686374508-496314983
                                          • Opcode ID: bec0f598067c39aab245631c6c6719d7f061f2b3fdf68e0375041e4c43f0590b
                                          • Instruction ID: ca5ff5d3a4a487ccde5ef87522a3d8210701970c1eaee98520ef93fe96210274
                                          • Opcode Fuzzy Hash: bec0f598067c39aab245631c6c6719d7f061f2b3fdf68e0375041e4c43f0590b
                                          • Instruction Fuzzy Hash: 05327BB2601B8086EB64CF25E444B9E33B2F745B98F59C12ADE4D4B358EF79C885C760
                                          Function 00599F90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 130COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ObjectSelectText$CharFaceMetricsReleaseWidth
                                          • String ID: `%z
                                          • API String ID: 2554767908-4021639927
                                          • Opcode ID: 4736f174a7e6d1379c5204d79fb3372fd599d7ad35153a2d40504b98e2917139
                                          • Instruction ID: 8dcf41acea9b80054da945fdedf8d46af54275f9b6a11dce4ecb5cd7e4ad3948
                                          • Opcode Fuzzy Hash: 4736f174a7e6d1379c5204d79fb3372fd599d7ad35153a2d40504b98e2917139
                                          • Instruction Fuzzy Hash: 2E517D36618B848ADB90DF26E848B4E7BA9FB89B80F054126EE4D83724DF3CC445CB01
                                          Function 006795E9 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 208fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: fwrite$__iob_func$fprintf
                                          • String ID: ========= LA%d ==========$========= RAW ==========$========= SEARCH ==========$========= TREE FIXED ==========$h
                                          • API String ID: 2719856059-3063565132
                                          • Opcode ID: f9e36d82e609f2d05a3541552750e631cd0250153cce3eab25c534b9a767324b
                                          • Instruction ID: c5870f119862d48d4c871a7f133f8c9b57c4549476f185c2c85d2efcaaf97e71
                                          • Opcode Fuzzy Hash: f9e36d82e609f2d05a3541552750e631cd0250153cce3eab25c534b9a767324b
                                          • Instruction Fuzzy Hash: 81818876700A9082DB64DF22D444BAA33A3F785FC8F58C22ADE4D0B759DB39C944C764
                                          Function 006796C4 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 200fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: fwrite$__iob_func$fprintf
                                          • String ID: ========= LA%d ==========$========= RAW ==========$========= SEARCH ==========$========= TREE FIXED ==========$h
                                          • API String ID: 2719856059-3063565132
                                          • Opcode ID: 2ad52cc18ccfe9e08d42d16eb409c6b32b561f89cc225018d708738f24b924d5
                                          • Instruction ID: 4dc6666c82073170494ce79f068576a76521eaae2399c48a6be28220d4f9427c
                                          • Opcode Fuzzy Hash: 2ad52cc18ccfe9e08d42d16eb409c6b32b561f89cc225018d708738f24b924d5
                                          • Instruction Fuzzy Hash: 89817576700B8082DB649F22D454BAA33A3F785FC8F58C62ADE4D0B759DB3AC944C764
                                          Function 0067967B Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 199fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: fwrite$__iob_func$fprintf
                                          • String ID: ========= LA%d ==========$========= RAW ==========$========= SEARCH ==========$========= TREE FIXED ==========$h
                                          • API String ID: 2719856059-3063565132
                                          • Opcode ID: 1df1b03b038b425ee59bcb1332a02395ef903d91720b5a3f8584a5bbdfb4b7be
                                          • Instruction ID: d0263fc312dce849741f7e76d7a6f1bfed7f3da5d273ca317981831b4c31ee4e
                                          • Opcode Fuzzy Hash: 1df1b03b038b425ee59bcb1332a02395ef903d91720b5a3f8584a5bbdfb4b7be
                                          • Instruction Fuzzy Hash: D6815676701A8082DB64DF22D444BAA33A3F789FC8F58C229DE4D0B759DB3AC944C764
                                          Function 006796D8 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 199fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: fwrite$__iob_func$fprintf
                                          • String ID: ========= LA%d ==========$========= RAW ==========$========= SEARCH ==========$========= TREE FIXED ==========$h
                                          • API String ID: 2719856059-3063565132
                                          • Opcode ID: 2316cfbfbe15ca589369ad203be30bbaaed7954550c601f3757c517f47157881
                                          • Instruction ID: cd6f699c4ee24109861ffdea430e68db6b6a2364e933684b187b2fd25395af5e
                                          • Opcode Fuzzy Hash: 2316cfbfbe15ca589369ad203be30bbaaed7954550c601f3757c517f47157881
                                          • Instruction Fuzzy Hash: 12816676701A8082DB64DF22D444BAA33A3F785FC8F58C229DE4D0B759DB3AC944C764
                                          Function 006796A1 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 199fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: fwrite$__iob_func$fprintf
                                          • String ID: ========= LA%d ==========$========= RAW ==========$========= SEARCH ==========$========= TREE FIXED ==========$h
                                          • API String ID: 2719856059-3063565132
                                          • Opcode ID: 726d7e51525e6bb31e6a58388bbb43e30bb56354ea2b8b7a6c30c317cdec2e01
                                          • Instruction ID: 886a112e97d425bc20a85c098f7211a162f08a0f6e187505b912331f30eba763
                                          • Opcode Fuzzy Hash: 726d7e51525e6bb31e6a58388bbb43e30bb56354ea2b8b7a6c30c317cdec2e01
                                          • Instruction Fuzzy Hash: 46816676701A9082DB64DF22D444BAA33A3F785FC8F58C229DE4D0B759DB3AC944C764
                                          Function 006796B2 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 199fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: fwrite$__iob_func$fprintf
                                          • String ID: ========= LA%d ==========$========= RAW ==========$========= SEARCH ==========$========= TREE FIXED ==========$h
                                          • API String ID: 2719856059-3063565132
                                          • Opcode ID: 4b901ab60c490f43537fe26bc0228fb399f15a5660ff7ca0b5ada6145389e076
                                          • Instruction ID: 8785f0dafae105bc26a53f11f1990e1f0319e43d8fe100a42ee9160c82ee94bf
                                          • Opcode Fuzzy Hash: 4b901ab60c490f43537fe26bc0228fb399f15a5660ff7ca0b5ada6145389e076
                                          • Instruction Fuzzy Hash: 78816676700A8082DB64DF22D444BAA33A3F785FC8F58C629DE4D0B759DB3AC944C764
                                          Function 0067968D Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 196fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: fwrite$__iob_func$fprintf
                                          • String ID: ========= LA%d ==========$========= RAW ==========$========= SEARCH ==========$========= TREE FIXED ==========$h
                                          • API String ID: 2719856059-3063565132
                                          • Opcode ID: 95f205949f6d1cf3731b94ebaf0f5bc6fd3c17ba67b03f600e85f0b78bef9e04
                                          • Instruction ID: 2bc7b0e3fca494d37edcd84288026bdff49296b5fbfae96dc1c909fa4e711ecb
                                          • Opcode Fuzzy Hash: 95f205949f6d1cf3731b94ebaf0f5bc6fd3c17ba67b03f600e85f0b78bef9e04
                                          • Instruction Fuzzy Hash: 97816576700A8082DB64DF22D444BAA33A3F785FC8F58C229DE4D0B759DB3AC944C764
                                          Function 00620FF0 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 185COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _errno$memcmp
                                          • String ID: (file "%.*s%s" line %d)$": $-encoding$-eofchar$...$couldn't read file "
                                          • API String ID: 2233871919-2626705156
                                          • Opcode ID: 7ccf63eb98a6e8daf94fa0073bdd9051c57edfe6bc6cc23906a5fef8bfe18437
                                          • Instruction ID: a30583782591f5983377f1c323a33fd86bb17973c4ee24cfaec0b5187545a36b
                                          • Opcode Fuzzy Hash: 7ccf63eb98a6e8daf94fa0073bdd9051c57edfe6bc6cc23906a5fef8bfe18437
                                          • Instruction Fuzzy Hash: 54513430709A5189EB54EF22BD153DA6297BB96FC4F484136EE0A8F759EE7CC504CB40
                                          Function 005A15E0 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 68COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID: EmbeddedMenuWindow$EmbeddedMenuWindowClass$Failed to create the embedded menu window.$Failed to create the menu window.$MenuWindow$MenuWindowClass$`%z
                                          • API String ID: 716092398-3785333897
                                          • Opcode ID: fb94530538faf3f07d93be4f3750314c6702a94be911387042a0bea47cbd0e16
                                          • Instruction ID: 0fb5ca96d6eb8d13d068d1566003bd4e608326e8948b58affee77c17f5676a1b
                                          • Opcode Fuzzy Hash: fb94530538faf3f07d93be4f3750314c6702a94be911387042a0bea47cbd0e16
                                          • Instruction Fuzzy Hash: D1311A72208B80C6E7609F10F45439ABBA0F785798F54412ADA8D47798DFBDC549CB50
                                          Function 00539CB0 Relevance: 15.3, APIs: 3, Strings: 7, Instructions: 300stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcmp
                                          • String ID: $" doesn't exist$image type "$image%d$images may not be named the $same as the main window$type ?name? ?options?
                                          • API String ID: 1004003707-2899649612
                                          • Opcode ID: c6917c3959f990d9876e016710436ff5d8ed30f05e3a64fae79cbe46922110e4
                                          • Instruction ID: 27eb92bb2af5727c1fa4bbd78b699ffbb929c0d1dc3c5405076aa8b32fd7569b
                                          • Opcode Fuzzy Hash: c6917c3959f990d9876e016710436ff5d8ed30f05e3a64fae79cbe46922110e4
                                          • Instruction Fuzzy Hash: 8FD11776204B8486DB60DF16E49879E7BA9F788F94F058426DF8D47728CF79C448D701
                                          Function 005FC920 Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 542COMMON
                                          Download Yara Rule
                                          Strings
                                          • ARITH, xrefs: 00600FC4
                                          • TclExecuteByteCode: unrecognized opCode %u, xrefs: 00600F6F
                                          • TclExecuteByteCode: abnormal return at pc %u: stack top %d < entry stack top %d, xrefs: 005FD2ED
                                          • TclExecuteByteCode execution failure: end stack top < start stack top, xrefs: 005FD300
                                          • divide by zero, xrefs: 00600F85, 00600FB6
                                          • DIVZERO, xrefs: 00600FBD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TclExecuteByteCode: abnormal return at pc %u: stack top %d < entry stack top %d$ARITH$DIVZERO$TclExecuteByteCode execution failure: end stack top < start stack top$TclExecuteByteCode: unrecognized opCode %u$divide by zero
                                          • API String ID: 0-3043756727
                                          • Opcode ID: e337ab0658b60fc24d29d1c51a1f579646f93e056ff1638267be7d0dcbdff5db
                                          • Instruction ID: 5e8b97862dc0e1ebc188d9e26d4e2e4bdc5fe0f169b8c713755aef76afcbc58b
                                          • Opcode Fuzzy Hash: e337ab0658b60fc24d29d1c51a1f579646f93e056ff1638267be7d0dcbdff5db
                                          • Instruction Fuzzy Hash: A0328C36209B8C86DB21DF29E5843AABFA5F785B94F088526DF8D47758DB7CD840CB40
                                          Function 0066A8A0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 112libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • this library or a dependent library could not be found in library path, xrefs: 0066A9C7
                                          • couldn't load library ", xrefs: 0066A99A
                                          • ": , xrefs: 0066A987
                                          • the library initialization routine failed, xrefs: 0066AA60
                                          • A function specified in the import table could not be resolved by the system. Windows is not telling which one, I'm sorry., xrefs: 0066A9ED
                                          • this library or a dependent library is damaged, xrefs: 0066AA10
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ErrorLastLibraryLoad
                                          • String ID: ": $A function specified in the import table could not be resolved by the system. Windows is not telling which one, I'm sorry.$couldn't load library "$the library initialization routine failed$this library or a dependent library could not be found in library path$this library or a dependent library is damaged
                                          • API String ID: 3568775529-695206046
                                          • Opcode ID: 966427811f537ca51c81454ddc6e713a46522956301d3c1596ae8ade171b5630
                                          • Instruction ID: c4e5d7e933aa95b3c7d5b8aa1b76a56ff49c8fb5f01c25b3321972acdacbdedf
                                          • Opcode Fuzzy Hash: 966427811f537ca51c81454ddc6e713a46522956301d3c1596ae8ade171b5630
                                          • Instruction Fuzzy Hash: BB314C32B24D6041EF94EBA9EC117992213A7457C0F458236EF4E1B741DE3DC8C5CB85
                                          Function 00526910 Relevance: 13.7, APIs: 4, Strings: 5, Instructions: 176COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (database entry for "%.50s")$ (default value for "%.50s")$ (system default for "%.50s")$ in widget "%.50s")$`%z
                                          • API String ID: 0-3516882676
                                          • Opcode ID: 1b7e15883fbd70c31a61b655f4278fdb115ab309c9549d01670ff296a286a5a6
                                          • Instruction ID: f086f4667f5c4e7e5c200f6e9a7fd629c0e0ec036e66f5b07403139f392dd999
                                          • Opcode Fuzzy Hash: 1b7e15883fbd70c31a61b655f4278fdb115ab309c9549d01670ff296a286a5a6
                                          • Instruction Fuzzy Hash: EE51AEB6705A90C2DF25CF26E9453A92BA1BF46FC4F488426CE4E97794EF38D885C340
                                          Function 00621BB0 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 256COMMON
                                          Download Yara Rule
                                          APIs
                                          • _errno.MSVCRT ref: 00621CA0
                                            • Part of subcall function 0066AA80: GetProcAddress.KERNEL32 ref: 0066AA9E
                                          • _errno.MSVCRT ref: 00621E30
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _errno$AddressProc
                                          • String ID: ": $couldn't create temporary file: $couldn't load from current filesystem$couldn't load library "$xu
                                          • API String ID: 1630757529-1010459412
                                          • Opcode ID: 5817384a65c206786f31ed55396454e459ff08c60ee6783ed2f8ea114a388328
                                          • Instruction ID: 62c32b1f6603218180985e59f75a6dd32d5dc38728289b3a54c4cc3d604c1c99
                                          • Opcode Fuzzy Hash: 5817384a65c206786f31ed55396454e459ff08c60ee6783ed2f8ea114a388328
                                          • Instruction Fuzzy Hash: EB916B76308B5186DB649F16F85039A77A6F796BC0F548029EE8A4BB19EF3CD441CB80
                                          Function 00661A20 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 161fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: File$AttributesCreate
                                          • String ID: ": $": bad file type$TclpOpenFileChannel: invalid mode value$couldn't open "
                                          • API String ID: 415043291-2979470367
                                          • Opcode ID: cfcdbf143b7a773a5cf9b59049eba0d8da6f1f1f50d485dfcab076014cb1d785
                                          • Instruction ID: 34671d94675b87ffc0ce6c501d805cfa46e29fd131e18dd75b5f1c516e1d3237
                                          • Opcode Fuzzy Hash: cfcdbf143b7a773a5cf9b59049eba0d8da6f1f1f50d485dfcab076014cb1d785
                                          • Instruction Fuzzy Hash: 31513B61719A4441EB248B56D8553AA2663F7877D0F5C8636DE2BCF7D0EE3DC886C340
                                          Function 005079F0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 129stringwindowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: MessageSendTextWindowstrcpy
                                          • String ID: X%z$`%z$pMz$window ?newTitle?
                                          • API String ID: 2709698831-2501115297
                                          • Opcode ID: f1f17002a3f80908f4804dc3b98b764151d28c5b0f6d7110dfd42063a7085734
                                          • Instruction ID: 01a5a9ef60e4723ab5ed74d71a5f55fd78d665d221aff4010f3e51a7afab8575
                                          • Opcode Fuzzy Hash: f1f17002a3f80908f4804dc3b98b764151d28c5b0f6d7110dfd42063a7085734
                                          • Instruction Fuzzy Hash: 48514436B18E9882DB259F2AD8407AD7761F788FD4F488022DE5E177A4CF39EA45C740
                                          Function 0063F140 Relevance: 12.4, APIs: 2, Strings: 6, Instructions: 355COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memset
                                          • String ID: " outside of a loop$...$break$continue$invoked "$lambdaExpr
                                          • API String ID: 2221118986-503132967
                                          • Opcode ID: f1fb99fffa5ef5ac6a8d289f728b134185bf1e34c5e1baf469e1ee7230f6560b
                                          • Instruction ID: c4322cdc071aeae16d471ba86a6342a1ebf26a19d091ebb784fc2511230a75b2
                                          • Opcode Fuzzy Hash: f1fb99fffa5ef5ac6a8d289f728b134185bf1e34c5e1baf469e1ee7230f6560b
                                          • Instruction Fuzzy Hash: 8CE1BFB2A04B848ADB64DF26E48579E77A6F784B88F058136DF4E4B716DF39C841C780
                                          Function 00669C80 Relevance: 12.2, APIs: 5, Strings: 3, Instructions: 188stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ByteCharMultiWide$memcpystrlen
                                          • String ID: "*:<>?|$\\?\$\\?\UNC
                                          • API String ID: 489459775-1588131321
                                          • Opcode ID: 8a259739410ed239219f8acead7ec07361447ecd5431ffcab03e3a33bcfd904a
                                          • Instruction ID: 589a4683691d3bf96112734155764e7338ca8e373176c14699ca4322f73df4ef
                                          • Opcode Fuzzy Hash: 8a259739410ed239219f8acead7ec07361447ecd5431ffcab03e3a33bcfd904a
                                          • Instruction Fuzzy Hash: D6514561609B8086EB348B25E8503FAA7ABDF557D0F48C036DF990BB96E73DC855C720
                                          Function 0054DCA0 Relevance: 10.8, APIs: 1, Strings: 6, Instructions: 324COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: -menu$`%z$bindtags$menu type$normal$tk::MenuDup
                                          • API String ID: 0-2465092663
                                          • Opcode ID: f71345d174d5b307423cb952a4e24e9b401fcf3fe9d3ebc16e1239392c60b1ef
                                          • Instruction ID: 5aa7c27357757f4a774d63ce0cd911b8d4b100fc7360cb91adb57fc91d9891d8
                                          • Opcode Fuzzy Hash: f71345d174d5b307423cb952a4e24e9b401fcf3fe9d3ebc16e1239392c60b1ef
                                          • Instruction Fuzzy Hash: 62E1F476204B8486CB54DF2AE8883997BB1F788F98F158122EF9E87754EF38D454C710
                                          Function 0059B440 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 306COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ExtentPoint32Text
                                          • String ID: $`%z
                                          • API String ID: 223599850-944202645
                                          • Opcode ID: 7fc4ecfb82ce75a9f84981d397d4daf3c4866fb67743d686e07084d251966aa4
                                          • Instruction ID: 15c336ed6eb2589783703e0205d4d37365658e7ce47a9b520eaa7b24568a3f04
                                          • Opcode Fuzzy Hash: 7fc4ecfb82ce75a9f84981d397d4daf3c4866fb67743d686e07084d251966aa4
                                          • Instruction Fuzzy Hash: A5E10336219BC486EB708B16F98479EBBA5F789B84F148526DF8D43B68DF78C544CB00
                                          Function 005CD7F0 Relevance: 10.8, APIs: 5, Strings: 2, Instructions: 301COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: $string ?splitChars?
                                          • API String ID: 3510742995-2259620859
                                          • Opcode ID: 90a6672c45b6712ac63540b98fc9bb472f4a53998552a1a8155fabe148f8bf5a
                                          • Instruction ID: 09f5e1f379f490c304d874bd30e5eb98f9385c5b9031285add6fb2e0fc62b001
                                          • Opcode Fuzzy Hash: 90a6672c45b6712ac63540b98fc9bb472f4a53998552a1a8155fabe148f8bf5a
                                          • Instruction Fuzzy Hash: 54B1B132209B908ADB649F52E440B5EBBB1F749BC4F14842AEF8D87B09DB7DC541CB50
                                          Function 00544480 Relevance: 10.8, APIs: 1, Strings: 6, Instructions: 271COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf
                                          • String ID: $%d/%d/%d$ImgPhotoGet couldn't find visual for window$`%z$black$white
                                          • API String ID: 590974362-1215445842
                                          • Opcode ID: e3d4359b34f7eee7da8c936d9e3500c130719cef4e562734f81e0ecaf7f8450c
                                          • Instruction ID: 46517caf2ee8fc31c45a757b3abfe4bac83bed3203d9c31583018245c52f888e
                                          • Opcode Fuzzy Hash: e3d4359b34f7eee7da8c936d9e3500c130719cef4e562734f81e0ecaf7f8450c
                                          • Instruction Fuzzy Hash: 83C189B6704B8086DB28CF26E48479E7BB1F789B88F148026DF4A47B58DF39D955CB40
                                          Function 00532780 Relevance: 10.7, APIs: 3, Strings: 4, Instructions: 191stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcpystrlen
                                          • String ID: as label in this frame$`%z$can't use $}Js
                                          • API String ID: 2543315000-1063654839
                                          • Opcode ID: 3f824bc5242aff11d43cca61d5206ec5606f3c5d4e386b48801a2d9546e33306
                                          • Instruction ID: 2a163f0a681bb2295b265feacef28f34c3e1fe28820628f44dc14cea080a11a5
                                          • Opcode Fuzzy Hash: 3f824bc5242aff11d43cca61d5206ec5606f3c5d4e386b48801a2d9546e33306
                                          • Instruction Fuzzy Hash: FC617A72705B5282DB29DF66D4447AA6B61F784FC8F088026DE0E5BB18DF78C8869740
                                          Function 005981B0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 166COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Paint$BeginProcWindow
                                          • String ID: (button invoke)$ButtonProc called on an invalid HWND$`%z
                                          • API String ID: 1820170886-28972690
                                          • Opcode ID: e239389854ed9e41c79f2bcadb595a6d01677a7e68a200c40138adb7bb3312cd
                                          • Instruction ID: e1ea134171a2176e9b6721497ed1368ec80f37985242648f8f4c84691794037f
                                          • Opcode Fuzzy Hash: e239389854ed9e41c79f2bcadb595a6d01677a7e68a200c40138adb7bb3312cd
                                          • Instruction Fuzzy Hash: 3351E137714A8487DE558B26ED847BE67A5F78AF90F888032DE1A87740DF38D896C300
                                          Function 00620E10 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 98COMMON
                                          Download Yara Rule
                                          APIs
                                          • _errno.MSVCRT ref: 00620EB0
                                            • Part of subcall function 006200D0: islower.MSVCRT ref: 00620104
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _errnoislower
                                          • String ID: ": $-translation$binary$could not seek to end of file while opening "$couldn't open "
                                          • API String ID: 63378191-373201499
                                          • Opcode ID: fc0fc2d1ef1cb5557ce30a89b82b732d7da30bbeed06eae04fb252961ceeb36a
                                          • Instruction ID: 174a6aea89358750dee0f8a55d21415794a34d77873d38736a94332f927e5c94
                                          • Opcode Fuzzy Hash: fc0fc2d1ef1cb5557ce30a89b82b732d7da30bbeed06eae04fb252961ceeb36a
                                          • Instruction Fuzzy Hash: 41313C21305F5040FE69DB12BD057DA6257AB84FC0F0D493AAD8E0BB56EE3CC441CB40
                                          Function 006615C0 Relevance: 10.6, APIs: 7, Instructions: 58COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Handle$Close$ErrorLast_errno
                                          • String ID:
                                          • API String ID: 1802201974-0
                                          • Opcode ID: b28f06017662619152311e2cc44e8411c12e01f47683046f52b8598428fa1e36
                                          • Instruction ID: 8365697568103daa60127490230395f3d366fecf3a959eabbd2040ac9bd003a8
                                          • Opcode Fuzzy Hash: b28f06017662619152311e2cc44e8411c12e01f47683046f52b8598428fa1e36
                                          • Instruction Fuzzy Hash: 7D11C1B6B08A0042DF186F75EC513AD6363EBD2B94F1C8525DD0B8B794DE28DC82C381
                                          Function 00519A70 Relevance: 9.4, APIs: 3, Strings: 3, Instructions: 429stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcmp
                                          • String ID: (processing -height option)$ (processing -width option)$`%z
                                          • API String ID: 1004003707-1504544423
                                          • Opcode ID: be79addaad6da4af1b915ad7200c6eb330b0607d0558e5c097dd8d96017a9262
                                          • Instruction ID: 2fcdc5552b22e0d043f239b6d3fe87743865f32a1c7e488ff2c18c92f28e134d
                                          • Opcode Fuzzy Hash: be79addaad6da4af1b915ad7200c6eb330b0607d0558e5c097dd8d96017a9262
                                          • Instruction Fuzzy Hash: DD023B36305B8481EB15DF66E8647AA3BA4FB89F88F098136DE4E47718DF39C885C741
                                          Function 005BD160 Relevance: 9.3, APIs: 1, Strings: 5, Instructions: 281COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: bad field specifier "$formatString ?arg arg ...?$option$option ?arg arg ...?$value formatString ?varName varName ...?
                                          • API String ID: 0-3110719333
                                          • Opcode ID: 14a6a59f940154a63c0d2f1ec67684c17ed71cc6fd95890c8fdd97b7cc6593d9
                                          • Instruction ID: 255ef3ea8cdae798e8e546b8e85e3a159afb9313a23a554dd7cefc28e37de059
                                          • Opcode Fuzzy Hash: 14a6a59f940154a63c0d2f1ec67684c17ed71cc6fd95890c8fdd97b7cc6593d9
                                          • Instruction Fuzzy Hash: B4C17876208BC489EB70CB16E4403EABBA5F785B84F948026DECD47B58EF78D549CB10
                                          Function 00542530 Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 224COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpymemset
                                          • String ID: `%z
                                          • API String ID: 1297977491-4021639927
                                          • Opcode ID: d00f7a8945c32d730f4499957a64c8ca86f587817c72c96ce8b578746cda5e6a
                                          • Instruction ID: 1eaca91f774fdcae3b124923712c12e0a8738bc6c1915b3b81249b41b7263c91
                                          • Opcode Fuzzy Hash: d00f7a8945c32d730f4499957a64c8ca86f587817c72c96ce8b578746cda5e6a
                                          • Instruction Fuzzy Hash: 7C81F17260567182CB289F2694547BFABA2F7C4F8CF454116FE498BB48EB3CC940DB80
                                          Function 005F9070 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 123COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memset
                                          • String ID: identity$iso8859-1$unicode$utf-8
                                          • API String ID: 2221118986-2417027401
                                          • Opcode ID: 84f7aec2a296f86e07a6bb1750636ef57b34874dac481eebf20d1ec07763b254
                                          • Instruction ID: 44a595f3fd2426cc659e8524b92e07979ad1c545dce2f979fbebf5cf22592c92
                                          • Opcode Fuzzy Hash: 84f7aec2a296f86e07a6bb1750636ef57b34874dac481eebf20d1ec07763b254
                                          • Instruction Fuzzy Hash: A0515876619F8485EB50DF10F88539A7BA5F788B88F844236EA8D47768EF7CC184CB50
                                          Function 0066A050 Relevance: 9.1, APIs: 6, Instructions: 65filetimeCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: File$ErrorLast$AttributesCloseCreateHandleTime
                                          • String ID:
                                          • API String ID: 1851685294-0
                                          • Opcode ID: 48a54f12669a38fa538394e3cb8a9be92561820746f484fc1bc6a116c342837d
                                          • Instruction ID: a7f451bd4078db439acd8dbcb79c250371b908864b2bf07522c4514fd754e48c
                                          • Opcode Fuzzy Hash: 48a54f12669a38fa538394e3cb8a9be92561820746f484fc1bc6a116c342837d
                                          • Instruction Fuzzy Hash: E221C572B08A4083DB249FB5EC0539EA2A2F789BA4F449726DA6D577D4DF3CC804CB41
                                          Function 0050AD70 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 190windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID: `%z$couldn't unlink window in TkWmDeadWindow$numTransients should be 0
                                          • API String ID: 3850602802-1500550066
                                          • Opcode ID: 4b61905caf8d83879aa3c35e0188c71ea02dcaa6f4db466dcb9559be4342026e
                                          • Instruction ID: 61615a97c67fa6346a4e3c93eb7b0896ed52a373a588ee1806f0ff60f17cc11f
                                          • Opcode Fuzzy Hash: 4b61905caf8d83879aa3c35e0188c71ea02dcaa6f4db466dcb9559be4342026e
                                          • Instruction Fuzzy Hash: 91811636302B84C6EB159F26D4A43AE3B64FB84F89F188525DE4E4BB98DF29D841C341
                                          Function 00507890 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 145COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ProcWindow
                                          • String ID: `%z
                                          • API String ID: 181713994-4021639927
                                          • Opcode ID: cb79198a19d5c0f1204ba8510b094ae70736e598d32f76bc4606fa413d4ee088
                                          • Instruction ID: 6d81956b583859f1915147deb3578b93d541f3624e18f739fcfc8bcd846996f3
                                          • Opcode Fuzzy Hash: cb79198a19d5c0f1204ba8510b094ae70736e598d32f76bc4606fa413d4ee088
                                          • Instruction Fuzzy Hash: B051E576B08A4486E6249B16E4843EE6B91F7C9BD0F544175EF5B87B94DB3CC8C2C708
                                          Function 0050D218 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 60windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID: : it is an icon for $: the container does not support the request$can't deiconify $window
                                          • API String ID: 3850602802-996267754
                                          • Opcode ID: d4eefe51819546576919d5488c8ae0c586b07e63f3c1d4bfebcc9214cab2abd0
                                          • Instruction ID: 4da1e4623b3d2c97f2f2dcccd2f5190136cc77152db9a171ba80b0215938640f
                                          • Opcode Fuzzy Hash: d4eefe51819546576919d5488c8ae0c586b07e63f3c1d4bfebcc9214cab2abd0
                                          • Instruction Fuzzy Hash: 6A21AC72705A44C1EB51DB11E464BAE2B61F785FD8F594622DE1D077A4CF3DC88AC301
                                          Function 00596A00 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Window$CreateLong
                                          • String ID: BUTTON$STATIC
                                          • API String ID: 1475011609-3385952364
                                          • Opcode ID: cdccc4a4e904ec4b5f628ce8805bc5594db736de29f3f48f68caebcc2233249b
                                          • Instruction ID: 1b03a3b75ab083980125e36091e8e674846b79fac72670ec7683a719b31451de
                                          • Opcode Fuzzy Hash: cdccc4a4e904ec4b5f628ce8805bc5594db736de29f3f48f68caebcc2233249b
                                          • Instruction Fuzzy Hash: F5212C72614A81CBE760CF25E84475ABBA0F788B98F544235AE8987B58DB3CD445CB01
                                          Function 00612770 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 260COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • unknown eol translation mode, xrefs: 00612940
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: unknown eol translation mode
                                          • API String ID: 3510742995-2251529115
                                          • Opcode ID: 43e3b8c10417af3f5b5e650f00b753db968a5db8a6592a5d3d23c74591434622
                                          • Instruction ID: 138ce2c353dcf79d86baa61c5302e31e52793a33bf55acf5053ec3341cb11071
                                          • Opcode Fuzzy Hash: 43e3b8c10417af3f5b5e650f00b753db968a5db8a6592a5d3d23c74591434622
                                          • Instruction Fuzzy Hash: 93810473B043928ADB64CB6AC4A8BEA2797F755798F5D8525CE0687380E674C9E6C300
                                          Function 004FC3F0 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 199COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memset
                                          • String ID: -class$Widget has been destroyed$`%z$pathName ?-option value ...?
                                          • API String ID: 2221118986-3488705283
                                          • Opcode ID: f309b3e324978dd0b25847c07cfa654e7bc1cd51435987965c60cce4ed25e278
                                          • Instruction ID: 16d23a6f621c4b6b5a6c2f64e204bfb48b5e6a8ac4b70455de16a2477fb4a79a
                                          • Opcode Fuzzy Hash: f309b3e324978dd0b25847c07cfa654e7bc1cd51435987965c60cce4ed25e278
                                          • Instruction Fuzzy Hash: 7F717A72304B9882DB24DB26E9987AA77A1F785FC8F044126DF4A1BB94CF3CD44AC304
                                          Function 006669C0 Relevance: 7.6, APIs: 5, Instructions: 109fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • DeleteFileW.KERNEL32(?,?,?,?,0061FB69), ref: 006669FA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: fc0f354ff7f89c37cf8c5b23fe07cb404d8bc1d58c856d52a47803ceccc1f2cb
                                          • Instruction ID: 6b72642ca7cce18e793a30f20a1476e40915dffeee252bd43ca8dd3af549ab0a
                                          • Opcode Fuzzy Hash: fc0f354ff7f89c37cf8c5b23fe07cb404d8bc1d58c856d52a47803ceccc1f2cb
                                          • Instruction Fuzzy Hash: BA31BF22704A0545EB256BBAF9113BC5217AF84B94F489635FE5BA33D1ED38CC86C251
                                          Function 006449E0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 86stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strlen
                                          • String ID: %s called with shared object$...$Tcl_AppendLimitedToObj
                                          • API String ID: 39653677-1961824328
                                          • Opcode ID: e6b775651586c306c357d40d8e5bb4c247ce6e77670f9885312bb6eda0c6ec24
                                          • Instruction ID: 7c485482ce5ae72ed8df9aebe563d1c2b67684c08d4f850b8a6f4ac830e63ebc
                                          • Opcode Fuzzy Hash: e6b775651586c306c357d40d8e5bb4c247ce6e77670f9885312bb6eda0c6ec24
                                          • Instruction Fuzzy Hash: 99218E2375925041DB359E77BA837BA52436B14FE5F140135DF0D47B49EE28C8C2C308
                                          Function 00543420 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 246stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strtol
                                          • String ID:
                                          • API String ID: 76114499-3916222277
                                          • Opcode ID: e740d305ff51aad9f8b94680b7f0850cf4e584444fa004d772d01d4d5f1d0679
                                          • Instruction ID: 7cfbf0152986f3bf56c522395bfbbd860802ec398a1100feaad0002e67738cd5
                                          • Opcode Fuzzy Hash: e740d305ff51aad9f8b94680b7f0850cf4e584444fa004d772d01d4d5f1d0679
                                          • Instruction Fuzzy Hash: E591CB3270165186DF258E25D0487EEBFA2F794F8CF648124CE4907B69EB79CA85C740
                                          Function 00585110 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Window$ColorLongProc
                                          • String ID: xpnative
                                          • API String ID: 3223664542-2276800883
                                          • Opcode ID: 8029825d97c86ce2f51458c31ae1d1b18267e8ad94249060188d941f22541fe5
                                          • Instruction ID: f31616593bfd5c0aa6049dbcf56a2bd252114926bb97f35f90b13a9b24628f00
                                          • Opcode Fuzzy Hash: 8029825d97c86ce2f51458c31ae1d1b18267e8ad94249060188d941f22541fe5
                                          • Instruction Fuzzy Hash: 97213852706A4446EB14EB67BC0436A6A91BBD9BC5F8A4135EE0D83394FE3CC645C301
                                          Function 0066A2B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetErrorMode.KERNEL32(?,?,00000000,005FB144,?,?,?,?,005B8C19,?,?,?,?,?,?,00000000), ref: 0066A2CB
                                          • SetErrorMode.KERNEL32(?,?,00000000,005FB144,?,?,?,?,005B8C19,?,?,?,?,?,?,00000000), ref: 0066A2D2
                                          • GetModuleHandleA.KERNEL32 ref: 0066A2D6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ErrorMode$HandleModule
                                          • String ID: 0 z
                                          • API String ID: 3271046328-4269703170
                                          • Opcode ID: 9268b00af68352d8a9f33f0a93392cb88333534cf0b5dbfc09ce7f2a4221b8f6
                                          • Instruction ID: 7ab77ef1d3281e6e25f3a2271b67953f903fa42df217af2aa48403219e6fb117
                                          • Opcode Fuzzy Hash: 9268b00af68352d8a9f33f0a93392cb88333534cf0b5dbfc09ce7f2a4221b8f6
                                          • Instruction Fuzzy Hash: 99D05E20B1D60481EB1C1BB2A86533E12D0A78DB44F090419890F47350DE2CE4458204
                                          Function 005B9EA0 Relevance: 6.5, APIs: 1, Strings: 3, Instructions: 534COMMON
                                          Download Yara Rule
                                          Strings
                                          • ::unknow, xrefs: 005BA62F
                                          • TclEvalObjvInternal: NULL global namespace pointer, xrefs: 005BA696
                                          • invalid command name ", xrefs: 005BA56E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ::unknow$TclEvalObjvInternal: NULL global namespace pointer$invalid command name "
                                          • API String ID: 0-907882860
                                          • Opcode ID: c857825da9a1477b83db27d119df76f7e53e2418cfc2df93abc66a76495a03f5
                                          • Instruction ID: 16050766b4c40209ed32e418dfb0914edc1179d87e0a1d94863c96aa8ccf1ca7
                                          • Opcode Fuzzy Hash: c857825da9a1477b83db27d119df76f7e53e2418cfc2df93abc66a76495a03f5
                                          • Instruction Fuzzy Hash: 7D22D2722087818BDB64DF2AE4447ABBBA1F784BC8F148525DF4A47B54EF78E844CB41
                                          Function 00634F00 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 354COMMON
                                          Download Yara Rule
                                          Strings
                                          • bad parse in Tcl_SubstObj: %c, xrefs: 00635187
                                          • Tcl_SubstObj: programming error, xrefs: 006351C0, 006351D2
                                          • max # of tokens for a Tcl parse (%d) exceeded, xrefs: 006353F1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tcl_SubstObj: programming error$bad parse in Tcl_SubstObj: %c$max # of tokens for a Tcl parse (%d) exceeded
                                          • API String ID: 0-4136155392
                                          • Opcode ID: f31d0b1ba7234e1e1e82d039fdecf9f2822fb7ba0040a86366b3e8358de641ee
                                          • Instruction ID: adaa53ad0f632a4e4e36aad23a94dd8c05918f193c988f42dfc0f83b78d3c587
                                          • Opcode Fuzzy Hash: f31d0b1ba7234e1e1e82d039fdecf9f2822fb7ba0040a86366b3e8358de641ee
                                          • Instruction Fuzzy Hash: 4BD1F072210B5086DB24DF26E4553AE7BE2F788BC8F554119EE8B47B08EB79C445CBC0
                                          Function 00676D10 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: L$e$e
                                          • API String ID: 0-4133291910
                                          • Opcode ID: bc5b8b660626d37af8dce11e5f1aeb7d5fdcac0fe3936499b0a3a376444b6882
                                          • Instruction ID: 5b7c2b221c640d0bada774aa26cb869b7cba1efed538814e1314f37389cf65d8
                                          • Opcode Fuzzy Hash: bc5b8b660626d37af8dce11e5f1aeb7d5fdcac0fe3936499b0a3a376444b6882
                                          • Instruction Fuzzy Hash: EB61B132615B5086CB64DF2AD45476D3BA3FB89FC8F149129EE4E1B718DB79CD808B80
                                          Function 00618110 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 171COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • Tcl_Write: unknown output translation mode, xrefs: 0061828C
                                          • Tcl_Write: AUTO output translation mode not supported, xrefs: 00618280
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: Tcl_Write: AUTO output translation mode not supported$Tcl_Write: unknown output translation mode
                                          • API String ID: 3510742995-767642766
                                          • Opcode ID: ccae968d512b4fd4f781d09d47ce5f90fbf5c2f19e92f22d3094ae8e3fe35240
                                          • Instruction ID: 9f37428953987c326f7a98ff60dfc15a7eecb3889869066fc5d7bb31e414f920
                                          • Opcode Fuzzy Hash: ccae968d512b4fd4f781d09d47ce5f90fbf5c2f19e92f22d3094ae8e3fe35240
                                          • Instruction Fuzzy Hash: 7E5104B3B016808EDF268B66D940BEA6653B755BC4F4D9525EF0647744EE38CAD28380
                                          Function 0061DBD0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 142COMMON
                                          Download Yara Rule
                                          Strings
                                          • {read not supported by Tcl driver}, xrefs: 0061DD80
                                          • read, xrefs: 0061DCA8
                                          • {read delivered more than requested}, xrefs: 0061DDC0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: CurrentThread
                                          • String ID: read${read delivered more than requested}${read not supported by Tcl driver}
                                          • API String ID: 2882836952-52312511
                                          • Opcode ID: aa7fb6f2afcf1984bcaa8d894b81b1fd09734fa674a0a9ba875fc24b3c45de2d
                                          • Instruction ID: d4584871d2b8a7321dd26ce052568c7946a17672fb84ef059ba6f2313043965b
                                          • Opcode Fuzzy Hash: aa7fb6f2afcf1984bcaa8d894b81b1fd09734fa674a0a9ba875fc24b3c45de2d
                                          • Instruction Fuzzy Hash: B141C6737046418ADB40EF29E8413EE6762FB85BA4F184225FF198B795EF79C881C784
                                          Function 0050A2E0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 112COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf
                                          • String ID: %d %d$`%z$window ?width height?
                                          • API String ID: 590974362-831086175
                                          • Opcode ID: 13adf65e1e637f72953878eea51d32e742f7d75624614dec992ecd9eee8f601d
                                          • Instruction ID: bede9d3f7ad9a6259cc3ee008236f474d5406bf138bb4a04c3f71f8a67140a4e
                                          • Opcode Fuzzy Hash: 13adf65e1e637f72953878eea51d32e742f7d75624614dec992ecd9eee8f601d
                                          • Instruction Fuzzy Hash: 0B41D137714B8586EB21CB2AD848BEE2750F785BD5F088526DF1907BD0CE38D88AC701
                                          Function 0062CEB0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 102stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strlen
                                          • String ID: (in namespace eval "%.*s%s" script line %d)$...$name arg ?arg...?
                                          • API String ID: 39653677-94307996
                                          • Opcode ID: 45649a14b9234cc951eb1be40735e28f12da77deabaeac573fbce8475d7208b8
                                          • Instruction ID: 88b20e22ff2b3bd8916a7718560ec30de16153f721d74bd904d619107fed43ca
                                          • Opcode Fuzzy Hash: 45649a14b9234cc951eb1be40735e28f12da77deabaeac573fbce8475d7208b8
                                          • Instruction Fuzzy Hash: CC310072709AD485DBA1DB15F455BDF6792F788B94F444026DE8907704EFBCC185CB80
                                          Function 006A7792 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: freemallocmemset
                                          • String ID:
                                          • API String ID: 3809226132-0
                                          • Opcode ID: c597513172e316c8cad291861700e98f767e571895afff4365dfaf9aeeb3aa06
                                          • Instruction ID: 46076f717e3b28d3c3ca1bb2ac9a18912c4f22b6f62cef65234d124be484fb67
                                          • Opcode Fuzzy Hash: c597513172e316c8cad291861700e98f767e571895afff4365dfaf9aeeb3aa06
                                          • Instruction Fuzzy Hash: 3B31F837F166548EEB40DFB9D884A9C37B2B749758F158026EE09ABB58DA38D841CB10
                                          Function 005023C0 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: CompatibleCreateModeObjectSelect
                                          • String ID:
                                          • API String ID: 1794513709-0
                                          • Opcode ID: 2734dda36873923236ba80163ee140836c162cb3dc56e05822f596c752404bd5
                                          • Instruction ID: 0fff210ef0653c7ee91c5d61fe34197ce56e2d12cc4a63ef9cc7cecfeccac7ed
                                          • Opcode Fuzzy Hash: 2734dda36873923236ba80163ee140836c162cb3dc56e05822f596c752404bd5
                                          • Instruction Fuzzy Hash: 0011ADB2708A8082DE28DF2BEC8936EA760F749BD0F089826DE0E47754DF38D495C300
                                          Function 006617C0 Relevance: 6.0, APIs: 4, Instructions: 42fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: File$PointerWrite
                                          • String ID:
                                          • API String ID: 539440098-0
                                          • Opcode ID: 41534da7eeab003363bb0f13e8495083e16949cefc932fe5d93e86ccd8846a09
                                          • Instruction ID: c81c6d62d88f2b89f44e3d909916cabd88c53b7ce81238cdb213b59bb6ae645c
                                          • Opcode Fuzzy Hash: 41534da7eeab003363bb0f13e8495083e16949cefc932fe5d93e86ccd8846a09
                                          • Instruction Fuzzy Hash: C0012BB270864486EB148F36EC04B5DB7A1E79ABD9F148114EE4D47794DF3CC546C780
                                          Function 006611C0 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ConsoleErrorFileLastModeType
                                          • String ID:
                                          • API String ID: 2867079444-0
                                          • Opcode ID: dda0cd9a5e3a7d80100283ada4c2cf0fd37df8edfb3b6c1e6bc072aadf320db8
                                          • Instruction ID: 9b41f84b0f9ccdfb97e57bbd06cd43b61a6a90a4bf892a4368595fcd2ac7da39
                                          • Opcode Fuzzy Hash: dda0cd9a5e3a7d80100283ada4c2cf0fd37df8edfb3b6c1e6bc072aadf320db8
                                          • Instruction Fuzzy Hash: 1CF0B452B0CA4487EB109B76BC4439A6296E787B81F884020DE0ACA710DF6CCE4AC711
                                          Function 00661860 Relevance: 6.0, APIs: 4, Instructions: 32fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _errno$ErrorFileLastRead
                                          • String ID:
                                          • API String ID: 2044071692-0
                                          • Opcode ID: 5bb6a507fd436c5e52882fef25d981746dd47a1572bb9489dbbeb873df3d296c
                                          • Instruction ID: a0a08c991a60bda8c736aea17ff6dbdbdc93fa7c846bdca5f015ac342d23bf17
                                          • Opcode Fuzzy Hash: 5bb6a507fd436c5e52882fef25d981746dd47a1572bb9489dbbeb873df3d296c
                                          • Instruction Fuzzy Hash: 70F05873B186188BDB15AF34FC0539D73A4E798B94F888022EA4987350CB7CC886CB80
                                          Function 005A0A20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: CaptureProcWindow
                                          • String ID: `%z
                                          • API String ID: 49417107-4021639927
                                          • Opcode ID: 8a5abec08457f441bdcc04cb11d2573b14ab7c1bad21ca74221342392fd75736
                                          • Instruction ID: 6d64f6219ae30f43e853fa78ccb545fc152e3f5cdd0250ab99a0aa39a6825c87
                                          • Opcode Fuzzy Hash: 8a5abec08457f441bdcc04cb11d2573b14ab7c1bad21ca74221342392fd75736
                                          • Instruction Fuzzy Hash: D9318032719B8882EF14CB41E58039EBB61F3C6794F549416E68E07BA8CB7CD894CB51
                                          Function 00504F20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Focus
                                          • String ID: ChangeXFocus got null X window$`%z
                                          • API String ID: 2734777837-84511827
                                          • Opcode ID: 507092e805fe182c37913c71c5b2e301b3a90448adc880200c6d534de8f324b2
                                          • Instruction ID: c71033d8c6cffb7f293a02ed959b8a782b867e7c68c0aaad79f06b302253f35b
                                          • Opcode Fuzzy Hash: 507092e805fe182c37913c71c5b2e301b3a90448adc880200c6d534de8f324b2
                                          • Instruction Fuzzy Hash: F12112B2705A46C2DE24DF16E49476D2BB0FB84F88F488122DA4E87768DF38C845CB40
                                          Function 00505FA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Window$Create
                                          • String ID: TkChild
                                          • API String ID: 870168347-227893619
                                          • Opcode ID: ff6ac9a633358b43afb665fef07b878b34cf0c7cff4ef8e99e732f79a82172bf
                                          • Instruction ID: 622648a1d6ba8997bc8434f86a35c715e4225380c0df19aea1fa62fd059a9d85
                                          • Opcode Fuzzy Hash: ff6ac9a633358b43afb665fef07b878b34cf0c7cff4ef8e99e732f79a82172bf
                                          • Instruction Fuzzy Hash: 86118E72B186808BE760CF29E944B0EBBE1F788B98F145225EE8947B58D77CC445CF00
                                          Function 0060B842 Relevance: 5.2, APIs: 4, Instructions: 226COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e75991149cb2c1d5c0b5496be36a78ebdee5758506282f02b1f3723a0f60b3f3
                                          • Instruction ID: 1cf5e24b7e827887c617e8f4facdedde326fa0ce3500a8ff98fbf3782f32baec
                                          • Opcode Fuzzy Hash: e75991149cb2c1d5c0b5496be36a78ebdee5758506282f02b1f3723a0f60b3f3
                                          • Instruction Fuzzy Hash: 7081BC32791B44C6DB28CF16E9807AAB7A2F745B84F08E416CF4A4B790EB78E845C700
                                          Function 0060CE40 Relevance: 5.2, APIs: 4, Instructions: 167COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID:
                                          • API String ID: 3510742995-0
                                          • Opcode ID: e341bba0b356221745f1fecd45aaed8525b6ae2b4c0689a2a5b126d88bf95062
                                          • Instruction ID: 1ec396e38ada7bf38da3bddda1309fa725d084be630f56dfb07c94ddf6436135
                                          • Opcode Fuzzy Hash: e341bba0b356221745f1fecd45aaed8525b6ae2b4c0689a2a5b126d88bf95062
                                          • Instruction Fuzzy Hash: 4F51CC7231068586CB64EF12E805B9A6766F784BD8F488221EE4E5BB45CF78CA46CB40
                                          Function 00559470 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 253stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strchr
                                          • String ID: `%z
                                          • API String ID: 2830005266-4021639927
                                          • Opcode ID: 5a5bec6f3a5aae9a02208efd1f2f9e0a4d278cf835b470d83fd60d8f0460e145
                                          • Instruction ID: c069ef1d5ea1393f4a0acb959d39934416c2921cdbf78dbe5ef44fa6233f2ead
                                          • Opcode Fuzzy Hash: 5a5bec6f3a5aae9a02208efd1f2f9e0a4d278cf835b470d83fd60d8f0460e145
                                          • Instruction Fuzzy Hash: 98A1D0B2711B85CACF25CF19D4606AD3B65FB88B85F458623DE0E43718EB38C9A9C700
                                          Function 006220F0 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 231stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcmp
                                          • String ID: error getting working directory name: $xu
                                          • API String ID: 1004003707-1945455551
                                          • Opcode ID: 65952887b8846b6e27ac98e483897ec7a7ce5872c7e7712b59a533c6b87004f3
                                          • Instruction ID: 0e80fe2267f8496c6eb534e9a99cda625591f7217ca5fd7274a8ef5d4a3b3c61
                                          • Opcode Fuzzy Hash: 65952887b8846b6e27ac98e483897ec7a7ce5872c7e7712b59a533c6b87004f3
                                          • Instruction Fuzzy Hash: D161C331302B2295DE98EF76B9257AD6393AB45FC4F484029DF0E4BB09EE38C542CB40
                                          Function 00558A50 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 201COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: Class$`%z
                                          • API String ID: 3510742995-2817754933
                                          • Opcode ID: 818fdccfc503156b7a69f8b5df9997c5e7b7c1040f64920db45c18e2aba6ef57
                                          • Instruction ID: 398b13380caa6a36b7e91c385f64d16edbb593ce6a7b480a73a8dd9a778b7ad2
                                          • Opcode Fuzzy Hash: 818fdccfc503156b7a69f8b5df9997c5e7b7c1040f64920db45c18e2aba6ef57
                                          • Instruction Fuzzy Hash: BD816CB2311A94C6CB10CF1AD498BA97B68F358B95F968627CE0E57750DF35D88ACB00
                                          Function 0068C0C0 Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 194stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strncmp
                                          • String ID: matchindirectory
                                          • API String ID: 1114863663-219629234
                                          • Opcode ID: 86d10fe68bf419483449cac42f92ece5dc868f5d28a4c81ed9de91da00ec6286
                                          • Instruction ID: e914b25d3dd0d0b3c5080a3d4132844e273ffa0d8087cbb0befec8fa2e4f73c2
                                          • Opcode Fuzzy Hash: 86d10fe68bf419483449cac42f92ece5dc868f5d28a4c81ed9de91da00ec6286
                                          • Instruction Fuzzy Hash: D551243230564046DF90BF62E4653AEA753AB89FE4F044229EF4A8B78ADF38C9058750
                                          Function 006400E0 Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 181stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • couldn't compile regular expression pattern: , xrefs: 0064035A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcmpstrcpy
                                          • String ID: couldn't compile regular expression pattern:
                                          • API String ID: 1519103487-1635851197
                                          • Opcode ID: 3d59301de83eebf7eac4ba86860699accf2b55b9bf82e35c1c2699ea3b7cecd1
                                          • Instruction ID: cd2a390586c4907405a797823447161736c55860ded7c6f15d0094c55ed6bcaa
                                          • Opcode Fuzzy Hash: 3d59301de83eebf7eac4ba86860699accf2b55b9bf82e35c1c2699ea3b7cecd1
                                          • Instruction Fuzzy Hash: 5E71F032204B868ADB65DF26E8447EE77A2F784B84F844129DF5E47B50EF38D4A5C740
                                          Function 00644690 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 111COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • %s called with shared object, xrefs: 006446B4
                                          • Tcl_AttemptSetObjLength, xrefs: 006446AD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: %s called with shared object$Tcl_AttemptSetObjLength
                                          • API String ID: 3510742995-3029319991
                                          • Opcode ID: fc98e1010594a5916288307743e1f45389c62ead54c85bf679626de74f8cc6be
                                          • Instruction ID: 8397248f1e37dbfb9050438caf74976d23e1e0ea98cb5911c19630336aa38483
                                          • Opcode Fuzzy Hash: fc98e1010594a5916288307743e1f45389c62ead54c85bf679626de74f8cc6be
                                          • Instruction Fuzzy Hash: 3E41C3723017818ADB24DF25E8863D967A2FB417D4F188529DF5D4BB84EF79D582C340
                                          Function 00644820 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 92stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • max size for a Tcl value (%d bytes) exceeded, xrefs: 0064496A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpystrlen
                                          • String ID: max size for a Tcl value (%d bytes) exceeded
                                          • API String ID: 3412268980-746697796
                                          • Opcode ID: 7ae45dd6a8d46f4154fd1fc1917be59b37a0d0d55135d047fc06f45dcab2ef83
                                          • Instruction ID: d0e271886bf3f81738cb6e521429302bf304b5774642ba2698d1481a76b2da4f
                                          • Opcode Fuzzy Hash: 7ae45dd6a8d46f4154fd1fc1917be59b37a0d0d55135d047fc06f45dcab2ef83
                                          • Instruction Fuzzy Hash: 3C31D372311690CED7249F26E84276A6767F784BD8F588218EE290BB49DF34D512CB80
                                          Function 00661240 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: FilePointer
                                          • String ID:
                                          • API String ID: 973152223-0
                                          • Opcode ID: 932bed084da4c42bf754805f5c17b91439945cd8636710670d894a8e785723c7
                                          • Instruction ID: c5d6915d76aa1be855508a3661273fa4cd2ad0869c1192cc1e5ed1d8c5cf97c8
                                          • Opcode Fuzzy Hash: 932bed084da4c42bf754805f5c17b91439945cd8636710670d894a8e785723c7
                                          • Instruction Fuzzy Hash: 70F0F47270874486DB345B79F850B5D26A0AB9A7B4F584311CD3D87BE0CA38D593CB40
                                          Function 006224A0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 180COMMON
                                          Download Yara Rule
                                          Strings
                                          • glob couldn't determine the current working directory, xrefs: 00622658
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: glob couldn't determine the current working directory
                                          • API String ID: 0-3996873007
                                          • Opcode ID: ad1534f823e6bd1c359a75492c27930fa7d918d34140022e6a7bc84aa25bf6ae
                                          • Instruction ID: 7af0c0f97166b924eb478f54e3c1c88b7230614d236c12e01363f166b3424c9a
                                          • Opcode Fuzzy Hash: ad1534f823e6bd1c359a75492c27930fa7d918d34140022e6a7bc84aa25bf6ae
                                          • Instruction Fuzzy Hash: 5E515672305F6256DB61DF26B834B9A26A2FB44FC4F098128EE1E57791EF38C801CB40
                                          Function 004E5CE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 139COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `%z
                                          • API String ID: 0-4021639927
                                          • Opcode ID: 8842b775274aba559d0b2cd0685b8132540c0267184dee790b1b1a639981ae49
                                          • Instruction ID: 7e59697af35a27d786a8f04a1adfe723146f9611794ee446cb3ad42f40ad486b
                                          • Opcode Fuzzy Hash: 8842b775274aba559d0b2cd0685b8132540c0267184dee790b1b1a639981ae49
                                          • Instruction Fuzzy Hash: C541AB33701B8485EB668F67E9447AA67A1F788BDAF5884368F080BB45DF38C991C344
                                          Function 0066B3C0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 87COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: @2z
                                          • API String ID: 3472027048-3531315329
                                          • Opcode ID: f5f4760ad8713176b434dcd17a58a7946e58947ad752c46a8835116bfd797c22
                                          • Instruction ID: d4718afd8045019c018501e40f178c471949e82fddb0ed0c4b08563e1ee546df
                                          • Opcode Fuzzy Hash: f5f4760ad8713176b434dcd17a58a7946e58947ad752c46a8835116bfd797c22
                                          • Instruction Fuzzy Hash: A821A733B241508BC759DB2AFD8561EA751F7C9744F44A126FE4A87B49DE3CD9418F00
                                          Function 00506060 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: DestroyWindow
                                          • String ID: `%z
                                          • API String ID: 3375834691-4021639927
                                          • Opcode ID: 24517315336727158f8b0f38c967ed133388705a1c1ff6920cb6ffce37ab220f
                                          • Instruction ID: 25e32a86e5920bd033ad9782759804efb420e1aaa2284b3cb5d59ba6ecd3e02c
                                          • Opcode Fuzzy Hash: 24517315336727158f8b0f38c967ed133388705a1c1ff6920cb6ffce37ab220f
                                          • Instruction Fuzzy Hash: A501DA66755A4086DA09CF23EA087AE6760FB5DFE4F488021EE0D03780EE39C885C300
                                          Function 00599550 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: DeleteObject
                                          • String ID: `%z
                                          • API String ID: 1531683806-4021639927
                                          • Opcode ID: 399763e8fabff46c8c7e34281768be24d422177c3f52aadde8483b357e92206e
                                          • Instruction ID: 351c972061175f2df31c52a6266dbe474a05193849542b552817d2f3ae275c0a
                                          • Opcode Fuzzy Hash: 399763e8fabff46c8c7e34281768be24d422177c3f52aadde8483b357e92206e
                                          • Instruction Fuzzy Hash: ECF08163B06A848AEB22DF6FEC807A92720F784BA5F490135DE1D47715DA30C9D2C304
                                          Function 00611E70 Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 312COMMON
                                          Download Yara Rule
                                          Strings
                                          • Buffer Underflow, BUFFER_PADDING not enough, xrefs: 00612300
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Buffer Underflow, BUFFER_PADDING not enough
                                          • API String ID: 0-3280121635
                                          • Opcode ID: c4fa8bf121a93835a8b908c95237840d7a461487088d5a2cff9c03127b06038e
                                          • Instruction ID: bec05e335467ea97bfa1ae7d3020df398d431d8011a2d4906a61d46702c896dc
                                          • Opcode Fuzzy Hash: c4fa8bf121a93835a8b908c95237840d7a461487088d5a2cff9c03127b06038e
                                          • Instruction Fuzzy Hash: 9AD147726187818BC764CF2AF840B9AB7A5F789B84F148219EFC987B58DB38C555CF40
                                          Function 00624530 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 228COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: j}u
                                          • API String ID: 3510742995-16717292
                                          • Opcode ID: 67aec29595b384f57ac89c5656ea9701931a52a9238ca1c593a53586ae666db4
                                          • Instruction ID: a74f8c9d7b50fdf247fa94de5c9a6abfad803f1ba63437d0b0f0220c4d1865b2
                                          • Opcode Fuzzy Hash: 67aec29595b384f57ac89c5656ea9701931a52a9238ca1c593a53586ae666db4
                                          • Instruction Fuzzy Hash: C9A15876209B9586DB50CF16E48079EBBA5F784B84F15802AEF9D43B28DF38D885CF40
                                          Function 0063D430 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 178COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • a precompiled script jumped interps, xrefs: 0063D652
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: a precompiled script jumped interps
                                          • API String ID: 3510742995-3473358735
                                          • Opcode ID: 027664ea6239aa4e150eaad23f211d16b616940b977ffecedf339184acf2d847
                                          • Instruction ID: 913f0f34061ef141c218969f2c77e3d7889f244052ff9d08dc355a75f83c055a
                                          • Opcode Fuzzy Hash: 027664ea6239aa4e150eaad23f211d16b616940b977ffecedf339184acf2d847
                                          • Instruction Fuzzy Hash: B3718B73205B8487CBA4CF15E889B9E77AAF788B94F158125EB4D47710DB38D891CB80
                                          Function 0064C280 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Strings
                                          • alloc: could not allocate %d new objects, xrefs: 0064C39C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID: alloc: could not allocate %d new objects
                                          • API String ID: 3702945584-1866737643
                                          • Opcode ID: ad63ea59ad31e117d165c2632db1c88b02c7f2266b85523d46bf45665d31759a
                                          • Instruction ID: b557167dfa357dd9c443f322672b0c2ab7ace8815aecd075dbb1652ae4c9e0f2
                                          • Opcode Fuzzy Hash: ad63ea59ad31e117d165c2632db1c88b02c7f2266b85523d46bf45665d31759a
                                          • Instruction Fuzzy Hash: 7C313672706B00C6EF5ACF25E44036E37A2F799B98F148529CA4D47359EB38DAA5C780
                                          Function 005BC8E0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • max size for a Tcl value (%d bytes) exceeded, xrefs: 005BC999
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: max size for a Tcl value (%d bytes) exceeded
                                          • API String ID: 3510742995-746697796
                                          • Opcode ID: 8cd9fedabe7884e6b6fd287155071d992552d809a72c56a2786a3d830b515004
                                          • Instruction ID: 442e526f9f0c62bae421db9aa77839ec9b26eab99bf9debed15abf7c2ef14cc8
                                          • Opcode Fuzzy Hash: 8cd9fedabe7884e6b6fd287155071d992552d809a72c56a2786a3d830b515004
                                          • Instruction Fuzzy Hash: B92132332057848AE7109F22E8453EE7F91F385BC0F0E8525CA990B741EB78E985C384
                                          Function 00630910 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 61COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: @!z
                                          • API String ID: 3510742995-3012876563
                                          • Opcode ID: d7fc1a16359c1aff31b409687d15feafd949dcc8673708c6961955362bb6995e
                                          • Instruction ID: a44586e39cfe640107d54aa24190e4119525632c7d2f286c6d89b675a8bcc8de
                                          • Opcode Fuzzy Hash: d7fc1a16359c1aff31b409687d15feafd949dcc8673708c6961955362bb6995e
                                          • Instruction Fuzzy Hash: CB117F7630170086EB288F26E45035EB7A2F748FE4F199529CF9D07755DB78D881C390
                                          Function 004E2460 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 42COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: malloc
                                          • String ID: 7'r
                                          • API String ID: 2803490479-3131803762
                                          • Opcode ID: f924778678da1db23ae3dec38432daf53752912e5ddca00c29bf2a95b1b67971
                                          • Instruction ID: 6b57f337ad85661040fa32a02c241f8cf63d3fcc66f8aa941e05af6ee27dc7a8
                                          • Opcode Fuzzy Hash: f924778678da1db23ae3dec38432daf53752912e5ddca00c29bf2a95b1b67971
                                          • Instruction Fuzzy Hash: B511FFB6201F5486CB58DF1AE88014A37BAF74CFD4715A165CE8C43728EB35C8A1C350
                                          Function 00667850 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: AttributesErrorFileLast
                                          • String ID:
                                          • API String ID: 1799206407-0
                                          • Opcode ID: d8eb666fc6143de9b06e1d17ddbb0a410bf1a9c59c5881d4cebda9a9223523c9
                                          • Instruction ID: 4f439efed983db95400e6083cbd5359db3301c9a3a894a3a7a5c807325cd52da
                                          • Opcode Fuzzy Hash: d8eb666fc6143de9b06e1d17ddbb0a410bf1a9c59c5881d4cebda9a9223523c9
                                          • Instruction Fuzzy Hash: 2FF09632B3C90546DB606B75F8093DD1351AB85B98F4806359E5E477D1ED3CCC8AC640
                                          Function 0059A210 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: CreateDeleteFontIndirectObject
                                          • String ID:
                                          • API String ID: 1932138579-0
                                          • Opcode ID: 6ef1cb90a130192cc23b5db09f604c4bd9dfd70664d60fe5c52b4873f2ebe47a
                                          • Instruction ID: e2510046f873e62845111be487fb261caa3c2a07e794921451af66458cdd394e
                                          • Opcode Fuzzy Hash: 6ef1cb90a130192cc23b5db09f604c4bd9dfd70664d60fe5c52b4873f2ebe47a
                                          • Instruction Fuzzy Hash: 8CE07D13F1825041EE2497537C0879AD65057CCFE0F084231AC0C43724EC3CC441C380
                                          Function 0064BD90 Relevance: 2.7, APIs: 2, Instructions: 178COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00670850: TlsGetValue.KERNEL32 ref: 00670865
                                          • malloc.MSVCRT ref: 0064BE40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Valuemalloc
                                          • String ID:
                                          • API String ID: 1411070159-0
                                          • Opcode ID: 697e5bf07376516b4097e8619f748eba087c317fdffe1843dc3bfc238d1e7d55
                                          • Instruction ID: b0753dc55c3d3fa67208d035527bcb52469f198b5c17dc1410134cf5cea4684b
                                          • Opcode Fuzzy Hash: 697e5bf07376516b4097e8619f748eba087c317fdffe1843dc3bfc238d1e7d55
                                          • Instruction Fuzzy Hash: CD61E1B2710B8487CB60CF2AE484B9EB7A6F748B94F459216DF4E83750EB38D595CB00
                                          Function 00623830 Relevance: 2.6, APIs: 2, Instructions: 147COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcmpmemcpy
                                          • String ID:
                                          • API String ID: 1784268899-0
                                          • Opcode ID: a01c51423717142bb5e61ca0d0228393a163e4f79a29c5a1ceb8e8862e734d28
                                          • Instruction ID: db5147c426f6b71c4b1aac8911e101d0529ad57acd1477cdf70b33f1826da494
                                          • Opcode Fuzzy Hash: a01c51423717142bb5e61ca0d0228393a163e4f79a29c5a1ceb8e8862e734d28
                                          • Instruction Fuzzy Hash: 7751CE72608FA485CB31CF15F4447DA7BA6F385B88F14851ADE8907754EBBCD685CB40
                                          Function 00623CA0 Relevance: 2.6, APIs: 2, Instructions: 135stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcmpstrlen
                                          • String ID:
                                          • API String ID: 3108337309-0
                                          • Opcode ID: bef84627500a361dddce28c7e0f148e205f191d851e5fe20b4cfd76e3ddb2369
                                          • Instruction ID: bbc253479b7b384bfeaad4ffbd1e60966cc0e87b0e89a86c2bd178db85b0c54d
                                          • Opcode Fuzzy Hash: bef84627500a361dddce28c7e0f148e205f191d851e5fe20b4cfd76e3ddb2369
                                          • Instruction Fuzzy Hash: DE41FB72714FB48ACB10CF2AE5446A9B762FB45BC0F588826DF8947B15EB3CC650CB40
                                          Function 00644120 Relevance: 2.5, APIs: 2, Instructions: 45stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strlen
                                          • String ID:
                                          • API String ID: 39653677-0
                                          • Opcode ID: fe65f71236210726c7eaf24cd31d7d78edae30300ea17af722d3f6f7387d4a93
                                          • Instruction ID: c0c093d20e765cfbfd288370c5e549d54009834ece50171f2185ab8b31de2b0a
                                          • Opcode Fuzzy Hash: fe65f71236210726c7eaf24cd31d7d78edae30300ea17af722d3f6f7387d4a93
                                          • Instruction Fuzzy Hash: 0B01DB7260575089EB555F66E84236A7A92EB68FD4F188129CE0D47345DFB8CCC1C3E0
                                          Function 006EF500 Relevance: 2.5, APIs: 2, Instructions: 32COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: malloc
                                          • String ID:
                                          • API String ID: 2803490479-0
                                          • Opcode ID: f5658cffe97eb58f8198f7f196755f74acf241a068ff459b6ffe8635859b1a6b
                                          • Instruction ID: 7e5e33b34b88543b960d6a27986739d06241b82cc0c212f59534840907cde559
                                          • Opcode Fuzzy Hash: f5658cffe97eb58f8198f7f196755f74acf241a068ff459b6ffe8635859b1a6b
                                          • Instruction Fuzzy Hash: E9F0E5A171378042FE496B97B8113A803935FA8784F4C6439DD0F47342FE2DC8118364
                                          Function 0060B7D0 Relevance: 2.5, APIs: 2, Instructions: 25stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpystrlen
                                          • String ID:
                                          • API String ID: 3412268980-0
                                          • Opcode ID: ea413b9d29160ebe3876f4ef79c489b94518e181a2070a496bead89cb974363b
                                          • Instruction ID: 5d94e3cfdb8b1bf8754e83ac7ffedb81b41488243800f97cadcf5035850dad3a
                                          • Opcode Fuzzy Hash: ea413b9d29160ebe3876f4ef79c489b94518e181a2070a496bead89cb974363b
                                          • Instruction Fuzzy Hash: B7E086A3B0135441EF58AB67F85A7AA5A92ABE8FC4F5A85349D0D4B342E934C4C6C780
                                          Function 0067B400 Relevance: 1.7, APIs: 1, Instructions: 496COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a5a476e6a3ed58088c62dc0d80dd85ee11dec61b5d51e05e6f8cc208e8301568
                                          • Instruction ID: cc1f7d3c3f344f464f7218c45801e037707e2b1c93b673d7d63cba6a2865dafa
                                          • Opcode Fuzzy Hash: a5a476e6a3ed58088c62dc0d80dd85ee11dec61b5d51e05e6f8cc208e8301568
                                          • Instruction Fuzzy Hash: 9A12BF72316B8486CB60CF1AE488B9A73AAF788BC4F46A126DF9D47758DF38C441C744
                                          Function 00637580 Relevance: 1.7, APIs: 1, Instructions: 439COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f038f332c365123506617f0a2552fb2be7a99c70375491a8821d35371a65523c
                                          • Instruction ID: 807e19a8a6493239f0326497cfd868918f3db527a121366659c47bab84d5591f
                                          • Opcode Fuzzy Hash: f038f332c365123506617f0a2552fb2be7a99c70375491a8821d35371a65523c
                                          • Instruction Fuzzy Hash: ABF1A9B2209B4185DB68EF2AD09936D63A3FB84BD4F189419EE4E4B794DF38D841C3D0
                                          Function 00506100 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ShowWindow
                                          • String ID:
                                          • API String ID: 1268545403-0
                                          • Opcode ID: 74c8a839d5b955569f1475d8db74fb8dd6087e5e56d8213c0fed940ef5d4840d
                                          • Instruction ID: c392ff892746ce9cd7cb8eef64cacb72a4eeaf7b998288c1a1e466339c3dcc07
                                          • Opcode Fuzzy Hash: 74c8a839d5b955569f1475d8db74fb8dd6087e5e56d8213c0fed940ef5d4840d
                                          • Instruction Fuzzy Hash: FC317C726146418ADB248F25E54475E7BA1F388BB8F184335EEAC47BD9DB39C891CB00
                                          Function 005089A0 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ShowWindow
                                          • String ID:
                                          • API String ID: 1268545403-0
                                          • Opcode ID: 5beeb74395f35c9c8ed3110de13802053f66f8ff4779cef4889d22571ec4bae8
                                          • Instruction ID: e0872534c2da333a809a73be6495b5f9c07abfd35bb8facdcae0445193e115a0
                                          • Opcode Fuzzy Hash: 5beeb74395f35c9c8ed3110de13802053f66f8ff4779cef4889d22571ec4bae8
                                          • Instruction Fuzzy Hash: 8EF06272F00980C2EB288B79C4857BD1751F7C8725F2C8522CA894A7D4DE358CD2D616
                                          Function 00620D00 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _errno
                                          • String ID:
                                          • API String ID: 2918714741-0
                                          • Opcode ID: d8123bd86006968b043224599788f432c6433ec85342dfea24f9e2097c743bca
                                          • Instruction ID: 9fd13dd603ea29ad0d68ad2ee68f87fdc8bc014213eb5af43a818f509643b7ed
                                          • Opcode Fuzzy Hash: d8123bd86006968b043224599788f432c6433ec85342dfea24f9e2097c743bca
                                          • Instruction Fuzzy Hash: CDE0E5A6B4766481EC0A1B423C413D81A45DB4EFF0F8C49308D0C0B382C968D8C3DB10
                                          Function 00506230 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ShowWindow
                                          • String ID:
                                          • API String ID: 1268545403-0
                                          • Opcode ID: 14afc36d12238a2f406a5856c5185bddeb39606ed78004ac2de5a56421ed7463
                                          • Instruction ID: ffa77b4a35ff011aeedb7b5f4aad2ea0115b8d9fd641d85f6d035d8f2a19420f
                                          • Opcode Fuzzy Hash: 14afc36d12238a2f406a5856c5185bddeb39606ed78004ac2de5a56421ed7463
                                          • Instruction Fuzzy Hash: 6B014672604A8187D764CF26F44439AB7E0F388768F588225EBD987748DB3DC8968F00
                                          Function 00621A20 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _errno
                                          • String ID:
                                          • API String ID: 2918714741-0
                                          • Opcode ID: 64865500832c74d2d3803c6b42b4b9722a74c67f5182abd8a2f98f4453b9b896
                                          • Instruction ID: 6d6c38375650812ab6220eb5e396d4bf61411e0d39ac945d78e6b85b45b4ef14
                                          • Opcode Fuzzy Hash: 64865500832c74d2d3803c6b42b4b9722a74c67f5182abd8a2f98f4453b9b896
                                          • Instruction Fuzzy Hash: EAE0DF63B1A66440FE2A1B9BBD067A949819B89FF0F0C80308E0D4B781E93C88C28B00
                                          Function 005A0BC0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ProcWindow
                                          • String ID:
                                          • API String ID: 181713994-0
                                          • Opcode ID: d2e93546e99f4372e5897b56866a661a30eedd6bee5758dcf03f08bc101fb784
                                          • Instruction ID: ea5fa0cc92e72db9c08c37e0bbce96807a678237ed2ce4ff88db26b1a1f5319d
                                          • Opcode Fuzzy Hash: d2e93546e99f4372e5897b56866a661a30eedd6bee5758dcf03f08bc101fb784
                                          • Instruction Fuzzy Hash: 62F09D7A618B8496CA00DF95F44018EFBA4F7C9BA0F801116FAC903B28DBB8D569CF40
                                          Function 00620BD0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _errno
                                          • String ID:
                                          • API String ID: 2918714741-0
                                          • Opcode ID: 8919b6c764ed45b04fbeca8a8a1b0471ebb8494ec5409ee9ec6ae0c617903526
                                          • Instruction ID: 5c062c458990e02ed00269ed51eede753bf8e95440af1d1538787fefe495756e
                                          • Opcode Fuzzy Hash: 8919b6c764ed45b04fbeca8a8a1b0471ebb8494ec5409ee9ec6ae0c617903526
                                          • Instruction Fuzzy Hash: 26E0C2E2B4BA2481ED0A2B167C4539916429B4DFB0F4E4730DD0C0B382DA3CCCC2CB10
                                          Function 00620D70 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _errno
                                          • String ID:
                                          • API String ID: 2918714741-0
                                          • Opcode ID: 80b4e4e6e1ed464733dcb675a5ae1ff1b548b5ab32e5795dadcac39a3e59d645
                                          • Instruction ID: e75955a01c41462410e56a6887de73f7a7ecc8e98c4ac9436b01e5f222aeb070
                                          • Opcode Fuzzy Hash: 80b4e4e6e1ed464733dcb675a5ae1ff1b548b5ab32e5795dadcac39a3e59d645
                                          • Instruction Fuzzy Hash: 49E08C72B5B62883ED0A2B267C413981981AB8DB30F9D4A209D1C0B382DA78DC828B50
                                          Function 005062C0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: MoveWindow
                                          • String ID:
                                          • API String ID: 2234453006-0
                                          • Opcode ID: 88173da6dd73192b5fae76e42e176b96cec922a92949f3aff23cd165b0d193bd
                                          • Instruction ID: 6d8eb67b4a29d0263b70abb573c855793d5ad68f8557824da45e47110fca141d
                                          • Opcode Fuzzy Hash: 88173da6dd73192b5fae76e42e176b96cec922a92949f3aff23cd165b0d193bd
                                          • Instruction Fuzzy Hash: C1D0EC76B1438087C7508B15E405B4ABBA0F3D9798F508514DA8887B24DA3DE546CF00
                                          Function 00612B70 Relevance: 1.4, APIs: 1, Instructions: 184COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a0d2c1f30097d308beec29d23b98b633f8a6964ec2648ee75adf4f7b3098634f
                                          • Instruction ID: 08d9617a65534b30fed51e7fec760bd4c198125ba00fdc61c00d0919f3af5902
                                          • Opcode Fuzzy Hash: a0d2c1f30097d308beec29d23b98b633f8a6964ec2648ee75adf4f7b3098634f
                                          • Instruction Fuzzy Hash: 8671B3737047418BC764CF29E490A9E77A2F744B98B548515EF9987B18DB38D8E2CB80
                                          Function 0064C120 Relevance: 1.4, APIs: 1, Instructions: 105COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00670850: TlsGetValue.KERNEL32 ref: 00670865
                                          • memcpy.MSVCRT ref: 0064C1B0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Valuememcpy
                                          • String ID:
                                          • API String ID: 574835123-0
                                          • Opcode ID: dd55f38682c89ed623b966f8f8d3ef17c54a6213905a86a0ee6fc38255864947
                                          • Instruction ID: 4123ab3a47778e565a88b47e538cc1906f1dfb792be289246faf6808a6195876
                                          • Opcode Fuzzy Hash: dd55f38682c89ed623b966f8f8d3ef17c54a6213905a86a0ee6fc38255864947
                                          • Instruction Fuzzy Hash: FE317B233073808ADF9A9B6AE5006BC6742E785BB0F0C8234DF1903B81EB74C9D2C354
                                          Function 004E17C0 Relevance: 1.3, APIs: 1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8e43d2865e280fdec10bc3be959669a7e51df395dcd422e8de12c44416752fba
                                          • Instruction ID: ef87d651a8b2f0870f30bd58fde4a2d743dae86be91a6f77b8442848d43c8527
                                          • Opcode Fuzzy Hash: 8e43d2865e280fdec10bc3be959669a7e51df395dcd422e8de12c44416752fba
                                          • Instruction Fuzzy Hash: C0214C7271029045DB24BB37A81971F9351BB45BEAF10821BFE2A4FBA5DA3CC403CB49
                                          Function 006B1F40 Relevance: 1.3, APIs: 1, Instructions: 75COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID:
                                          • API String ID: 3510742995-0
                                          • Opcode ID: af3c56e06f854bee8b6abfd69c1f9de073c7d4a594e850e9ee54d0d24f01197d
                                          • Instruction ID: 2b0a2b7e92e50925e4de538a6ffd85c6056f9395306bc92c39f5da92ca2f4e50
                                          • Opcode Fuzzy Hash: af3c56e06f854bee8b6abfd69c1f9de073c7d4a594e850e9ee54d0d24f01197d
                                          • Instruction Fuzzy Hash: 24217876B027849EDF00EFB2D8551EC37A6F759798B80042AEE0D1BB09EB34C589C340
                                          Function 005BC7A0 Relevance: 1.3, APIs: 1, Instructions: 71COMMON
                                          Download Yara Rule
                                          APIs
                                          • free.MSVCRT(?,?,?,?,?,005BD0D3), ref: 005BC848
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: free
                                          • String ID:
                                          • API String ID: 1294909896-0
                                          • Opcode ID: c9951660bc7727806f607042b9331c3e90642682582533f181bb77fe85bf8b02
                                          • Instruction ID: d1b062e79d61c6ad6265308f3e49f5e631ac9fbdf12c784fee999b67473a079e
                                          • Opcode Fuzzy Hash: c9951660bc7727806f607042b9331c3e90642682582533f181bb77fe85bf8b02
                                          • Instruction Fuzzy Hash: BE21C0627056408ADA24DF16E8407E9BFA0F74CB84F4C8935FE5D07B04EB38D982C748
                                          Function 006B2040 Relevance: 1.3, APIs: 1, Instructions: 55COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpy
                                          • String ID:
                                          • API String ID: 3510742995-0
                                          • Opcode ID: 76b2fff45bffcc85af6cb554d46b7360d9e5f55d60abb6fa3db00185d9dc8f4d
                                          • Instruction ID: 3781eb0eed1d7a3d7a1e5536a6a72d0c7e400490ccb7fbd12ef4a6db60d24937
                                          • Opcode Fuzzy Hash: 76b2fff45bffcc85af6cb554d46b7360d9e5f55d60abb6fa3db00185d9dc8f4d
                                          • Instruction Fuzzy Hash: 67116D76F02B599DEF04EBB2E4995DD37B6B749788B404029EE0E27B18EE34C145C740

                                          Non-executed Functions

                                          Function 0059C350 Relevance: 63.6, APIs: 29, Strings: 7, Instructions: 580windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Select$Bits$Object$Palette$CompatibleCreate$ColorsDeleteUpdate$BitmapModePixelReleasememset
                                          • String ID: $($XGetImage Failure$XGetImage: not implemented for empty bitmap handles$XGetImage: not implemented for format != XYPixmap$XGetImage: not implemented for plane_mask != 1$`%z
                                          • API String ID: 1204624533-1323841983
                                          • Opcode ID: cedbadf00fec2bacdd2e9d24fcba41762f709cfe574370d9bb8e41fa8116c141
                                          • Instruction ID: 70aa87b77f57da2e5c1e337b814b1596d83965ac20969a3d70e22ab2259854a2
                                          • Opcode Fuzzy Hash: cedbadf00fec2bacdd2e9d24fcba41762f709cfe574370d9bb8e41fa8116c141
                                          • Instruction Fuzzy Hash: 784256722197808BDB64CF26E858B5EBFA4F789B84F445119EE8A47B68DB7CD444CF00
                                          Function 0057A220 Relevance: 55.3, APIs: 14, Strings: 17, Instructions: 1018stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: isspace$strrchr
                                          • String ID: Bad index created$`%z$any$bad text index "$chars$display$end$first$indices$last$lineend$lines$linestart$sel$text doesn't contain any characters tagged with "$wordend$wordstart
                                          • API String ID: 3222196888-1232697434
                                          • Opcode ID: fa4e7fbafe2437918e6d42d2abfdca6de0191d30ef6c21511a582973a49f8cb5
                                          • Instruction ID: f5e568221d7211b109fe544fb795cf816a07acc067cc88fcfc7c32a698f3921f
                                          • Opcode Fuzzy Hash: fa4e7fbafe2437918e6d42d2abfdca6de0191d30ef6c21511a582973a49f8cb5
                                          • Instruction Fuzzy Hash: E492AD76718A9086DB24CF26E45876E7BA1F7C4BC4F458022EE8E47B58DB7DC844E702
                                          Function 00516060 Relevance: 33.6, APIs: 6, Strings: 13, Instructions: 308COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • bad ASCII character 0x%x, xrefs: 00516442
                                          • `%z, xrefs: 00516073
                                          • missing ">" in virtual binding, xrefs: 00516396
                                          • specified keysym ", xrefs: 005164A6
                                          • <Alt_L>, xrefs: 00516064
                                          • extra characters after detail in binding, xrefs: 005163F4
                                          • " for non-key event, xrefs: 00516497
                                          • missing ">" in binding, xrefs: 005162DF
                                          • " for non-button event, xrefs: 0051657E
                                          • no event type or button # or keysym, xrefs: 00516420
                                          • bad event type or keysym ", xrefs: 005164EC
                                          • specified button ", xrefs: 0051658D
                                          • virtual event "<<>>" is badly formed, xrefs: 00516552
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: isspace$isprint
                                          • String ID: " for non-button event$" for non-key event$<Alt_L>$`%z$bad ASCII character 0x%x$bad event type or keysym "$extra characters after detail in binding$missing ">" in binding$missing ">" in virtual binding$no event type or button # or keysym$specified button "$specified keysym "$virtual event "<<>>" is badly formed
                                          • API String ID: 3603690917-149565639
                                          • Opcode ID: 3436f3aa7f29c113b4380579b1bfacc7710406faa46364f0b39bbeb437122bd2
                                          • Instruction ID: 6a81f06a9fe4e1bbf3d8e45fe54a3e30ebd0cc52281e1c8a0e6c814ab593c7e2
                                          • Opcode Fuzzy Hash: 3436f3aa7f29c113b4380579b1bfacc7710406faa46364f0b39bbeb437122bd2
                                          • Instruction Fuzzy Hash: F2D1AF76608A80CAFB25CF55E4883EA7FA1F389B84F498026EF9A47755DB7DD484C700
                                          Function 00642130 Relevance: 26.9, APIs: 4, Strings: 11, Instructions: 625COMMON
                                          Download Yara Rule
                                          Strings
                                          • variable is not assigned by any conversion specifiers, xrefs: 0064238D
                                          • bad scan conversion character ", xrefs: 00642543
                                          • different numbers of variable names and field specifiers, xrefs: 00642B5C
                                          • , xrefs: 0064313F
                                          • %, xrefs: 00642210
                                          • couldn't set variable ", xrefs: 00642844
                                          • "%n$" argument index out of range, xrefs: 006435BD
                                          • string format ?varName varName ...?, xrefs: 00642590
                                          • %, xrefs: 00642768
                                          • variable is assigned by multiple "%n$" conversion specifiers, xrefs: 006428EF
                                          • cannot mix "%" and "%n$" conversion specifiers, xrefs: 0064317A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $"%n$" argument index out of range$%$%$bad scan conversion character "$cannot mix "%" and "%n$" conversion specifiers$couldn't set variable "$different numbers of variable names and field specifiers$string format ?varName varName ...?$variable is assigned by multiple "%n$" conversion specifiers$variable is not assigned by any conversion specifiers
                                          • API String ID: 0-3235195544
                                          • Opcode ID: 444e100f58f4905fc6aa8c339fa3d6801ecbfc281c74ef7f9c0903e7b4d0751f
                                          • Instruction ID: e14cb29c2bf9a83eec9d096cf1b529cbe8b6894d8288518554cd45c35d266bcd
                                          • Opcode Fuzzy Hash: 444e100f58f4905fc6aa8c339fa3d6801ecbfc281c74ef7f9c0903e7b4d0751f
                                          • Instruction Fuzzy Hash: 8332D3722086D186DB70DF26E4643AFB7A2F784B84FA08515EE8A47B48EF7CC545CB50
                                          Function 005CE310 Relevance: 24.5, Strings: 19, Instructions: 714COMMON
                                          Download Yara Rule
                                          Strings
                                          • default, xrefs: 005CE54D
                                          • ?switches? string pattern body ... ?default body?, xrefs: 005CEB90
                                          • -matchvar, xrefs: 005CEE4E
                                          • fall-out when searching for body to match pattern, xrefs: 005CE9F3
                                          • extra switch pattern with no body, xrefs: 005CEFE4, 005CF003
                                          • bad option ", xrefs: 005CEE25
                                          • no body specified for pattern ", xrefs: 005CEB5F
                                          • -matchvar option requires -regexp option, xrefs: 005CEAFB
                                          • option already found, xrefs: 005CEDFC
                                          • option, xrefs: 005CE3A0
                                          • ..., xrefs: 005CED54
                                          • -indexvar option requires -regexp option, xrefs: 005CEA3B
                                          • ("%.*s%s" arm line %d), xrefs: 005CED64
                                          • , this may be due to a comment incorrectly placed outside of a switch body - see the "switch" documentation, xrefs: 005CF05C
                                          • option, xrefs: 005CEE36, 005CEE66
                                          • ": , xrefs: 005CEE15
                                          • ?switches? string {pattern body ... ?default body?}, xrefs: 005CEE96
                                          • missing variable name argument to , xrefs: 005CEE55, 005CEE85
                                          • -indexvar, xrefs: 005CEE7E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ("%.*s%s" arm line %d)$ option$ option already found$": $, this may be due to a comment incorrectly placed outside of a switch body - see the "switch" documentation$-indexvar$-indexvar option requires -regexp option$-matchvar$-matchvar option requires -regexp option$...$?switches? string pattern body ... ?default body?$?switches? string {pattern body ... ?default body?}$bad option "$default$extra switch pattern with no body$fall-out when searching for body to match pattern$missing variable name argument to $no body specified for pattern "$option
                                          • API String ID: 0-2522073815
                                          • Opcode ID: e1d8c75384b565a8ab5c4773855d69ab6bef65de51813866556a45d8036b16fc
                                          • Instruction ID: e856ffe0117cd44583ba85f8603138753c2fc1ace7146463346e2f8f4cecc2f3
                                          • Opcode Fuzzy Hash: e1d8c75384b565a8ab5c4773855d69ab6bef65de51813866556a45d8036b16fc
                                          • Instruction Fuzzy Hash: 5D62D076608B808ADB20CF96E486B9E7BA1F784BC4F144519DE8E47B58EF7DD844CB40
                                          Function 004E4180 Relevance: 13.9, Strings: 11, Instructions: 185COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: -buffering$-encoding$-translation$8.5$F1r$`%z$console0$console1$console2$none$utf-8
                                          • API String ID: 0-3826540352
                                          • Opcode ID: 2427bdbf863d225b698de40dd78d1bb3aef0ee07784da0d12ce766973dafaeda
                                          • Instruction ID: 1e6659f7d05fae26963478c13b461e94330cb6e6173c9d6cd09ed5fe3fbc7594
                                          • Opcode Fuzzy Hash: 2427bdbf863d225b698de40dd78d1bb3aef0ee07784da0d12ce766973dafaeda
                                          • Instruction Fuzzy Hash: 7C8106B6604A4882EB449F66E8543A937A1F788F95F49803BCE0E477A4DF3CDA49C351
                                          Function 0063A190 Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 165stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strlen$memcpystrchr
                                          • String ID: 8.4$@!z
                                          • API String ID: 2999326979-207779363
                                          • Opcode ID: 543ec771a98db9d97872e8f1aa26688c64dde2b5c7e526cf7be9926aa39bd7ac
                                          • Instruction ID: f80acd6d9dd0ecde95b053585029410329790de674f8672d84c988a95ca4e7e0
                                          • Opcode Fuzzy Hash: 543ec771a98db9d97872e8f1aa26688c64dde2b5c7e526cf7be9926aa39bd7ac
                                          • Instruction Fuzzy Hash: 4F510A7232578145DB85AFB7A8566AF5742EBC5BC0F482429FE8B8BB05DE78C400DB90
                                          Function 00608040 Relevance: 11.6, Strings: 9, Instructions: 303COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: " missing$", there are no file attributes in this filesystem.$": $bad option "$could not read "$must not update objPtrRef's variable and return non-NULL$name ?option? ?value? ?option value ...?$option$value for "
                                          • API String ID: 0-3651259908
                                          • Opcode ID: f418919a9e5b243162252e14e39133cdbdce7cb9e1d52e1c9d3464cb84cc6c13
                                          • Instruction ID: 503d9be846d2a7df01b4619fe4ac529b0e7b6de2a596ddfa43b98a411aeff803
                                          • Opcode Fuzzy Hash: f418919a9e5b243162252e14e39133cdbdce7cb9e1d52e1c9d3464cb84cc6c13
                                          • Instruction Fuzzy Hash: 10B12672344B408AEB18DF56E8103AB6763FB84BD4F144429EE8E47785EF78C585CB80
                                          Function 00596000 Relevance: 10.3, Strings: 8, Instructions: 306COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: System3dDarkShadow$System3dLight$SystemButtonHighlight$SystemButtonShadow$TkpGetShadows couldn't allocate bitmap for border$`%z$gfff$gray50
                                          • API String ID: 0-1566796324
                                          • Opcode ID: b8ffffaa60746468591f73f098d8cf5cd4461bba4d68b47dd021ffd624d56f78
                                          • Instruction ID: 1664e2f4a84b67af9cc14d72ea18c40d52a4e34d380fc5594111cfda8307e730
                                          • Opcode Fuzzy Hash: b8ffffaa60746468591f73f098d8cf5cd4461bba4d68b47dd021ffd624d56f78
                                          • Instruction Fuzzy Hash: A8C1FB72615B4586DB18DF35E44532EBFAAFBC5BC4F108226EA4D97BA8DB38C445C700
                                          Function 0062A1A0 Relevance: 9.2, APIs: 3, Strings: 3, Instructions: 190stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • can't create namespace ", xrefs: 0062A4C7
                                          • can't create namespace "": only global namespace can have empty name, xrefs: 0062A49E
                                          • ": already exists, xrefs: 0062A4C0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpystrcpystrlen
                                          • String ID: ": already exists$can't create namespace "$can't create namespace "": only global namespace can have empty name
                                          • API String ID: 2889119822-4055931731
                                          • Opcode ID: ab298b4ae91707f0a5bfe857453e6c6b484a1a6a037edec97889aed1d6675ec9
                                          • Instruction ID: 28f1f6e5ce9c965a536b5ba8158db579b768954e89a2dd8f4a120b79ae4b0184
                                          • Opcode Fuzzy Hash: ab298b4ae91707f0a5bfe857453e6c6b484a1a6a037edec97889aed1d6675ec9
                                          • Instruction Fuzzy Hash: 30816C72204B9086EB64DF22F85539BB7A2F789B88F444129EF8A47B54DF7CD049CB40
                                          Function 00668140 Relevance: 7.6, APIs: 5, Instructions: 62COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: CloseHandle$ControlDeviceErrorLastmemset
                                          • String ID:
                                          • API String ID: 570221192-0
                                          • Opcode ID: 623f1bfd92ad448fb7d0190c9331df1c1f26618c0571c2b29dd3f89c640deeb9
                                          • Instruction ID: 99e9a2d53929168a72199bb2b29aed253fd852a52d9d808f69b757368fb5fcde
                                          • Opcode Fuzzy Hash: 623f1bfd92ad448fb7d0190c9331df1c1f26618c0571c2b29dd3f89c640deeb9
                                          • Instruction Fuzzy Hash: 3F219D32718A808AEB248F62E86475A7666F7C8BA4F444324EE6A07BD4CF7DC509C740
                                          Function 0065C000 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 280stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strpbrk$strcmp
                                          • String ID: *[?\$?pattern?
                                          • API String ID: 1015704183-2288588395
                                          • Opcode ID: 697c53a2593a4b89a5f5638e627337566c7b3b953836115eb752d5d934010f34
                                          • Instruction ID: 0974c5f338f8d2b42879f7278c6053d172fd90093635ec5ab161c7501b21c548
                                          • Opcode Fuzzy Hash: 697c53a2593a4b89a5f5638e627337566c7b3b953836115eb752d5d934010f34
                                          • Instruction Fuzzy Hash: B9911322305B4489DE649B66D8247BFA393FB86FE5F588029DE0E07B45EF38C449D344
                                          Function 005FC1B0 Relevance: 4.0, Strings: 3, Instructions: 297COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (reading increment)$%s called with shared object$TclIncrObj
                                          • API String ID: 0-943296455
                                          • Opcode ID: e7a1fa2005119279e20b351ad105806b8c8fbcdcddedda1587b7734509a98958
                                          • Instruction ID: d4a86e3243f7a78c558e22921c87919f64320c8b676a7ec3898e0556608a44b9
                                          • Opcode Fuzzy Hash: e7a1fa2005119279e20b351ad105806b8c8fbcdcddedda1587b7734509a98958
                                          • Instruction Fuzzy Hash: 09B17E72705A4C86CB24CF25E58036A6BA1F389BD4F584636DB9E87798DF3CD940C740
                                          Function 005E61D0 Relevance: 3.2, Strings: 2, Instructions: 686COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: j}u$tcl::mathfunc::
                                          • API String ID: 0-458771281
                                          • Opcode ID: a04bcbbb22f9e917bede53e15737d8efb10c30c1b9eec0aba7f535b84108d3f3
                                          • Instruction ID: 4c375399c742e46cd1d674ad9b0a261793d6b5a885286e63fa8b3b0ee8811e66
                                          • Opcode Fuzzy Hash: a04bcbbb22f9e917bede53e15737d8efb10c30c1b9eec0aba7f535b84108d3f3
                                          • Instruction Fuzzy Hash: F552D2B32096C1C6DB18CF2AD448B6E7FA6F398BC4F968525DB9987754DB38C490CB00
                                          Function 0056E170 Relevance: 2.7, Strings: 2, Instructions: 206COMMON
                                          Download Yara Rule
                                          Strings
                                          • `%z, xrefs: 0056E1A6
                                          • TkBTreePrevTag found incorrect tag summary info., xrefs: 0056E419
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TkBTreePrevTag found incorrect tag summary info.$`%z
                                          • API String ID: 0-421759896
                                          • Opcode ID: 076b35320c6c56eb80bc26b76c44445489552da34cb765d41d75a52d647ee6b5
                                          • Instruction ID: 7fe132270195c293ad0e37224e7954d3458f7b286f99cab31f2af641d7af28e7
                                          • Opcode Fuzzy Hash: 076b35320c6c56eb80bc26b76c44445489552da34cb765d41d75a52d647ee6b5
                                          • Instruction Fuzzy Hash: E7718D7A307B04CADF298F66D5527293B66F718F88F58991AEE0E47714EB34D881C740
                                          Function 005DC0F0 Relevance: 1.9, Strings: 1, Instructions: 606COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: -nocase
                                          • API String ID: 0-1138118540
                                          • Opcode ID: 1fc63557b7fcac0fa93b5510e88df1e3276f078f69cac31dfb7c35f9b6764282
                                          • Instruction ID: 326dfe9aab8d046396c418d47f01093ed091d8320a3cb81e5cd958d7a8694ea3
                                          • Opcode Fuzzy Hash: 1fc63557b7fcac0fa93b5510e88df1e3276f078f69cac31dfb7c35f9b6764282
                                          • Instruction Fuzzy Hash: 9C423A72204A4287EB35CF2EE48475ABFA2F794B80F55C527CB8A87764DB79E845C700
                                          Function 0067A030 Relevance: 1.5, APIs: 1, Instructions: 271COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2afb247678cddf740310f4b302cbb2764320b41bce220f4397db5ac83ee1d69d
                                          • Instruction ID: 956b17f8c5de2bb5a0990698ad0b9cab6da6d47093f513f94ee46a37703ecc94
                                          • Opcode Fuzzy Hash: 2afb247678cddf740310f4b302cbb2764320b41bce220f4397db5ac83ee1d69d
                                          • Instruction Fuzzy Hash: C4A1BD7231478486DB20CF5AE480BAE77A6F788B98F95C516DF4E87714EB39D881CB01
                                          Function 005AC260 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `%z
                                          • API String ID: 0-4021639927
                                          • Opcode ID: 687c74e212a1ec30f55dfe576989700da60665b1635af6fdc2859aabc147a0c3
                                          • Instruction ID: de105460337d351af76aec959828f366b57c53b2da7f2b19582a6be7153e24b2
                                          • Opcode Fuzzy Hash: 687c74e212a1ec30f55dfe576989700da60665b1635af6fdc2859aabc147a0c3
                                          • Instruction Fuzzy Hash: 55B16332604F8485DB26DF35E4503AEBBA4FB9A7C4F149712EE9927A24DF38D496C700
                                          Function 00654290 Relevance: .2, Instructions: 212COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee766d1b3254fee8868d298fd54a5da9c14218b1223fa096fb414039b15b04ca
                                          • Instruction ID: 313f56937b3820150016e99e04c06db81d53e7f64529e7a4835902e0357c6daf
                                          • Opcode Fuzzy Hash: ee766d1b3254fee8868d298fd54a5da9c14218b1223fa096fb414039b15b04ca
                                          • Instruction Fuzzy Hash: 3771D172714A448ACB54DF26E44076F7BA2F784BCDF148169EE0B4B718EF39C8898780
                                          Function 00570010 Relevance: .2, Instructions: 184COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef1237d2f3798445b4a10d7caadb7e1fd7151b7c826d9389fb5df56c514ba5f9
                                          • Instruction ID: b5453d3df3ab53f545fead9a00a3ad2882d5c455ad7c9ffaa8fc7900b3b443cf
                                          • Opcode Fuzzy Hash: ef1237d2f3798445b4a10d7caadb7e1fd7151b7c826d9389fb5df56c514ba5f9
                                          • Instruction Fuzzy Hash: C6719776705B44CADB18CF26E98871A7BE0F788B94F04942AEF8D47B94DB38C4A1D740
                                          Function 007A8014 Relevance: .0, Instructions: 2COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9dd186c077c61bf56ca7cca78b78ab3831236cddefce50df4072602d650e6d14
                                          • Instruction ID: 0370f16398d574c54393a7646049e9c3bfa5db6b65633321626a10225b0e3f3f
                                          • Opcode Fuzzy Hash: 9dd186c077c61bf56ca7cca78b78ab3831236cddefce50df4072602d650e6d14
                                          • Instruction Fuzzy Hash: EB900252B0D7C006D703C6341C119083E2260438043C9809AC39183583A40D0A698215
                                          Function 007A8204 Relevance: .0, Instructions: 2COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b244b4f70fad90b39670434564d88c45866e8bd85f7bd71bacdac0a2d37a02e
                                          • Instruction ID: b950b05ed8faac2f6b3da6720fe9a5bb0f69c1b02170e6b7912bf9676fa86fed
                                          • Opcode Fuzzy Hash: 8b244b4f70fad90b39670434564d88c45866e8bd85f7bd71bacdac0a2d37a02e
                                          • Instruction Fuzzy Hash:
                                          Function 00676270 Relevance: 49.1, APIs: 16, Strings: 12, Instructions: 144fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: fprintf$fwrite$fputc$sprintf
                                          • String ID: %ld-%ld$ (#%d)$ L:%s$ R:%s$ UNUSED$ hasbackref$ hascapture$ hasmixed$ longest$ shortest$ {%d,$%s. `%c'
                                          • API String ID: 1419644048-3489684477
                                          • Opcode ID: cbd5abe28acec43ae6a92b7f0232c2ab39561aa38db50c1177bdcaacfa24dd4a
                                          • Instruction ID: 70760e23a9468f7b7607105bc2a9267eb63b327a5e18beb2b5972d113f426c8e
                                          • Opcode Fuzzy Hash: cbd5abe28acec43ae6a92b7f0232c2ab39561aa38db50c1177bdcaacfa24dd4a
                                          • Instruction Fuzzy Hash: BA51C160329EA085EF54AF22D4157EC27539B42FC8F54C026ED4E1BB9ADA6FDA07C314
                                          Function 006200D0 Relevance: 31.7, APIs: 1, Strings: 17, Instructions: 243COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: islower
                                          • String ID: while processing open access modes "$" not supported by this system$": must be RDONLY, WRONLY, RDWR, APPEND, BINARY, CREAT, EXCL, NOCTTY, NONBLOCK, or TRUNC$APPEND$BINARY$CREAT$EXCL$NOCTTY$NONBLOCK$RDONLY$RDWR$TRUNC$WRONLY$access mode "$access mode must include either RDONLY, WRONLY, or RDWR$illegal access mode "$invalid access mode "
                                          • API String ID: 3326879001-2411178476
                                          • Opcode ID: e7931a9ff08624c850ac5f701e077cb6a18ea9f1e574f5e9966d7e7cc3e8c5c9
                                          • Instruction ID: e389f60908576d1186de982c7f062d1fc01178642ba4771d9bcf7cbca4ccbb19
                                          • Opcode Fuzzy Hash: e7931a9ff08624c850ac5f701e077cb6a18ea9f1e574f5e9966d7e7cc3e8c5c9
                                          • Instruction Fuzzy Hash: 09813671708E658AFB28DB26FC243F52A12A7017C0F984113DE1A0BB97DBBDD946CB40
                                          Function 005B40F0 Relevance: 24.3, APIs: 8, Strings: 8, Instructions: 257stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf$strlen
                                          • String ID: %d$%.15g setlinewidth$StrokeClip $[%d$[] 0 setdash$] %d setdash$`%z$stroke
                                          • API String ID: 3793847852-1195482337
                                          • Opcode ID: f9b044ac4ac9c5f8ce90bc128f6048a70c9b82ccb38d2bf1f8bca815a83aa51b
                                          • Instruction ID: 443c104b509283d1ebbe5ff09bd7d7fc6f69f420cd2c98477ee73c2995f56208
                                          • Opcode Fuzzy Hash: f9b044ac4ac9c5f8ce90bc128f6048a70c9b82ccb38d2bf1f8bca815a83aa51b
                                          • Instruction Fuzzy Hash: 62B1AE36315A9496CB60CF26E8447AE77A4FB89BC4F448612EF4D47B24DF39E585CB00
                                          Function 005462DD Relevance: 22.7, APIs: 4, Strings: 11, Instructions: 222COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: safe interpreter$" has no file writing capability$" is unknown$can't write image to a file in a$coordinates for -from option extend $fileName ?options?$has file writing capability$image file format "$no available image file format $outside image$unexpected fallthrough
                                          • API String ID: 0-2032329544
                                          • Opcode ID: 2bdefcf2990eebbb2faf29c30547ad86c9254ba6726578e71ed424e87edac814
                                          • Instruction ID: 28e2f56be2e3175700308b6ae3d943a6ad4101ff71911042822ed449b5fff564
                                          • Opcode Fuzzy Hash: 2bdefcf2990eebbb2faf29c30547ad86c9254ba6726578e71ed424e87edac814
                                          • Instruction Fuzzy Hash: CA916A76308B8585DB648B16E4947EA7BA0F789FC8F448426CE4E47B14DF7CC548D701
                                          Function 0061C110 Relevance: 21.3, APIs: 2, Strings: 12, Instructions: 290stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • RegisterTcpServerCleanup: damaged accept record table, xrefs: 0061C477
                                          • tclTCPAcceptCallbacks, xrefs: 0061C440, 0061C5D9
                                          • ?-myaddr addr? ?-myport myport? ?-async? host port, xrefs: 0061C320
                                          • no argument given for -server option, xrefs: 0061C53E
                                          • tcp, xrefs: 0061C2E6, 0061C3BC
                                          • -server command ?-myaddr addr? port, xrefs: 0061C34E
                                          • option, xrefs: 0061C1F6
                                          • option -myport is not valid for servers, xrefs: 0061C271
                                          • no argument given for -myaddr option, xrefs: 0061C522
                                          • cannot set -async option for server sockets, xrefs: 0061C4EA
                                          • no argument given for -myport option, xrefs: 0061C506
                                          • Tcl_SocketObjCmd: bad option index to SocketOptions, xrefs: 0061C2B3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpystrlen
                                          • String ID: -server command ?-myaddr addr? port$?-myaddr addr? ?-myport myport? ?-async? host port$RegisterTcpServerCleanup: damaged accept record table$Tcl_SocketObjCmd: bad option index to SocketOptions$cannot set -async option for server sockets$no argument given for -myaddr option$no argument given for -myport option$no argument given for -server option$option$option -myport is not valid for servers$tclTCPAcceptCallbacks$tcp
                                          • API String ID: 3412268980-2204963736
                                          • Opcode ID: f2d2ab77b537d5b54cf7e282a8c9f42d109951d4cf7b3c2b12eba19c147f733e
                                          • Instruction ID: 5023231160994bf68369f35118278f45b521645797c2fae2af5b58270b7e6a47
                                          • Opcode Fuzzy Hash: f2d2ab77b537d5b54cf7e282a8c9f42d109951d4cf7b3c2b12eba19c147f733e
                                          • Instruction Fuzzy Hash: B7A1227234964086EB54EF25E8A17EEA363F784BE0F88502AEE0A47755DF3DD881C744
                                          Function 004FE100 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 151windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: MessageSend$LongWindow$Parent
                                          • String ID: G$N$`%z
                                          • API String ID: 1638718586-1486523917
                                          • Opcode ID: b3d61f70fa40db694f75860c19b1c9d55fe67d8e487181c54b40aae5509bb91b
                                          • Instruction ID: b286b892b7c58ca65a7c75c9c999d18c521bcab94e540c276b0dff1396844614
                                          • Opcode Fuzzy Hash: b3d61f70fa40db694f75860c19b1c9d55fe67d8e487181c54b40aae5509bb91b
                                          • Instruction Fuzzy Hash: 6E51D222701A5485DB148B27EE44B7E2266FB99FC6F598422DF0E47BB4EB3DC441C30A
                                          Function 00554350 Relevance: 17.0, APIs: 4, Strings: 7, Instructions: 463COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: to $ to itself$" is not managed by $`%z$can't add $can't add toplevel $window "
                                          • API String ID: 0-3844668646
                                          • Opcode ID: aefd8a909e23233f035510a5df33e9bdd99f8b1f9afafea3c27472d4c53dad5d
                                          • Instruction ID: 36f1c28779826a7261e6777ab76b691595945ae8782fac8183cc9c1440d38c4f
                                          • Opcode Fuzzy Hash: aefd8a909e23233f035510a5df33e9bdd99f8b1f9afafea3c27472d4c53dad5d
                                          • Instruction Fuzzy Hash: 83126776614B8486DB10CF26E8547AA7BA1F788FC9F148126DF9D17B58EF38C489CB00
                                          Function 005120C0 Relevance: 16.6, APIs: 2, Strings: 9, Instructions: 127stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintfstrlen
                                          • String ID: `%z$bad relief type "%.50s": must be %s$flat$flat, groove, raised, ridge, solid, or sunken$groove$raised$ridge$solid$sunken
                                          • API String ID: 1090396089-762758841
                                          • Opcode ID: d146bb4302ebf8373b3bf50299f2873ada83d17a4b9cc44d6cf579f516f04070
                                          • Instruction ID: eadb597ba86e92d53466c032bc36a364f1b530ffd89fa4109d99729cbc0cceca
                                          • Opcode Fuzzy Hash: d146bb4302ebf8373b3bf50299f2873ada83d17a4b9cc44d6cf579f516f04070
                                          • Instruction Fuzzy Hash: 6841D222B4528472FF74CA21EA14FB42E12F718389F848426CA0D1BF54EB6D5DE5C302
                                          Function 00668300 Relevance: 16.1, APIs: 3, Strings: 6, Instructions: 361stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strpbrk
                                          • String ID: ": $*.*$.$[]\$\\?\$couldn't read directory "
                                          • API String ID: 3024680390-2462908280
                                          • Opcode ID: 352729c70c29c8e14a41397df7269ee015bce25d0a362e9f55e0ac25955ede98
                                          • Instruction ID: a0993ce9d61d44187f907b3052f9999d4c5c722717ba25e8b9c614f2011b5b37
                                          • Opcode Fuzzy Hash: 352729c70c29c8e14a41397df7269ee015bce25d0a362e9f55e0ac25955ede98
                                          • Instruction Fuzzy Hash: 63D1F2623186808ACB64EB36E4543AE6793F7C5FD4F444629FE4A47B99DF3CC8858B04
                                          Function 0050A020 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 168windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: ClassLongMessageSend
                                          • String ID: " isn't a top-level window$Can't set icon; window has no wrapper.$Unable to set icon$`%z$window "
                                          • API String ID: 2755957334-3056761561
                                          • Opcode ID: 68dcbf638f0d4783a20d358a8cb6eaee47013da2abd245434e23e25679723ca5
                                          • Instruction ID: 4121a7da00dc5b20bac874ed28659a3af9258aa2f45263c876b8654414a4f4bd
                                          • Opcode Fuzzy Hash: 68dcbf638f0d4783a20d358a8cb6eaee47013da2abd245434e23e25679723ca5
                                          • Instruction Fuzzy Hash: 0551C332709B8681EA55DB66E85536E2B60F7C5FD0F448036DE0E47B95DE3DD841C342
                                          Function 0059A260 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 57COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: _stricmp$EnumFamiliesFont
                                          • String ID: Courier$Helvetica$Times$`%z
                                          • API String ID: 755624294-3461298045
                                          • Opcode ID: 5a04ea1418b94ed65d605a17a17650a5f84c56c629ce838023658cb68448bdfa
                                          • Instruction ID: cd62ceeb89f83defa619ab830820bab93e2534dfd2385cc62f4af10d6bd634ee
                                          • Opcode Fuzzy Hash: 5a04ea1418b94ed65d605a17a17650a5f84c56c629ce838023658cb68448bdfa
                                          • Instruction Fuzzy Hash: C111E066708A4191EF609B7AFD0039E2B90BB8AFC4F4845329D0E83B94DE2CD946C321
                                          Function 00538204 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 129COMMON
                                          Download Yara Rule
                                          APIs
                                          • sprintf.MSVCRT ref: 0053829C
                                            • Part of subcall function 0055BBD0: sprintf.MSVCRT ref: 0055BC04
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf
                                          • String ID: -column %d -row %d -columnspan %d -rowspan %d$ -sticky $-in$ipadx$ipady$padx$pady$w$window
                                          • API String ID: 590974362-2673471574
                                          • Opcode ID: c7dc68d7987be8e080ceebc3bebd1a190838aa1f3170c93bae5119eca6b3a6c2
                                          • Instruction ID: 10c1b9e0172e20fc49feb6b76e025b4f39422a3fd95d04542d5c3320bf335a5c
                                          • Opcode Fuzzy Hash: c7dc68d7987be8e080ceebc3bebd1a190838aa1f3170c93bae5119eca6b3a6c2
                                          • Instruction Fuzzy Hash: 2C51D3B2708A858ADB24CB29D854BBD3B51F795BC8F448422EE0907F59DF3DC549DB00
                                          Function 0066A150 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 94stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: FileModuleNamestrrchr$memcpysprintf
                                          • String ID: 8.5$lib/tcl%s
                                          • API String ID: 3286092984-1716964122
                                          • Opcode ID: 1419c51b4d28a27a56d30d2952dd14cb58b4edef80c3173e81ec509e718b5cce
                                          • Instruction ID: bf22ba3c1cfb5fef54184814bd0321981129624e02a7c979a35121338097ec61
                                          • Opcode Fuzzy Hash: 1419c51b4d28a27a56d30d2952dd14cb58b4edef80c3173e81ec509e718b5cce
                                          • Instruction Fuzzy Hash: 1E31E266305A8181EF54DF62EC5A3AB2352BB85BC8F488039EE8D47344EE3DC549C750
                                          Function 00546090 Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 143stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strncmp
                                          • String ID: ": must be $, or$`%z$ambiguous option "$option$option ?arg arg ...?$photoOption$unexpected fallthrough
                                          • API String ID: 1114863663-2337892552
                                          • Opcode ID: 5109a84ba564ea03c5c8ecd07285ee6aff3654e820aa65e486e3705e4b27175e
                                          • Instruction ID: 43a6d67cbc660ec3b22d1c6d87148de781da64f0809d46cf3acdf82a11ba646e
                                          • Opcode Fuzzy Hash: 5109a84ba564ea03c5c8ecd07285ee6aff3654e820aa65e486e3705e4b27175e
                                          • Instruction Fuzzy Hash: B15165B6308A9485EB64CF26E8587EA2BA0F789FC8F458022CE0D47754DF7CC649C701
                                          Function 0052431D Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 109stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf$strcat
                                          • String ID: 0x%x$%s %d$can't find any visuals for screen$includeids$unknown$window ?includeids?
                                          • API String ID: 1886649711-2953645199
                                          • Opcode ID: 405680fe562aa278348bbae21379c3abc74f263ce9e70acd8c3686ed70b88a72
                                          • Instruction ID: dba9de24a333de869616a6938d5a4eaf84bf6ebdaa5e4f989b4660ad3134c074
                                          • Opcode Fuzzy Hash: 405680fe562aa278348bbae21379c3abc74f263ce9e70acd8c3686ed70b88a72
                                          • Instruction Fuzzy Hash: 1D41BE32309B9582DF14DF16F4443AA6B61FB86B94F414426EF5E1B798DF38CA45CB40
                                          Function 005C0360 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 314COMMON
                                          Download Yara Rule
                                          Strings
                                          • dict tzdata changeover, xrefs: 005C0383
                                          • time value too large/small to represent, xrefs: 005C0730
                                          • key "localseconds" not found in dictionary, xrefs: 005C0885
                                          • loop in ConvertLocalToUTCUsingTable, xrefs: 005C081D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: dict tzdata changeover$key "localseconds" not found in dictionary$loop in ConvertLocalToUTCUsingTable$time value too large/small to represent
                                          • API String ID: 0-280170892
                                          • Opcode ID: 30f9b4a61ec3cae165f0fc8c4915984b30f3f8ea5936e77b44dd2491691ba637
                                          • Instruction ID: e41752af50910d84f9ff5369a8dd53c6ca5a53cfbd2655ba51182d5892ee5639
                                          • Opcode Fuzzy Hash: 30f9b4a61ec3cae165f0fc8c4915984b30f3f8ea5936e77b44dd2491691ba637
                                          • Instruction Fuzzy Hash: 0DC18272608780CADB68DF65E80079A7BA1F784B94F44962ADE8D87B98DF38D444CF40
                                          Function 00634300 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 282stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • missing close-brace for variable name, xrefs: 006345EB
                                          • max # of tokens for a Tcl parse (%d) exceeded, xrefs: 00634343
                                          • missing ), xrefs: 00634743
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: isalnumstrlen
                                          • String ID: max # of tokens for a Tcl parse (%d) exceeded$missing )$missing close-brace for variable name
                                          • API String ID: 2796040287-3094105281
                                          • Opcode ID: a83fe55d89dbc62849e82e3be235d65e2747cc41cf9d01a898e20a7b9ea4cb24
                                          • Instruction ID: 02eca85b3c3586bea8821f0fe631c565a4cb33a5fe7c9ea8d666b92294e2f87f
                                          • Opcode Fuzzy Hash: a83fe55d89dbc62849e82e3be235d65e2747cc41cf9d01a898e20a7b9ea4cb24
                                          • Instruction Fuzzy Hash: 23B1F0726067808BDB24CF26D488B9AB7E6F749788F868129DF5E47704DF78E445CB80
                                          Function 005002B0 Relevance: 10.7, APIs: 7, Instructions: 212COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: LongVersionWindow
                                          • String ID:
                                          • API String ID: 1306634207-0
                                          • Opcode ID: ab5a8dcf4dc89f914320821c9f1638529d7ca91f16983b73b8637eb3e60b6a5f
                                          • Instruction ID: a7ae94d3ea227628a8db8776b92b3aec4301c6761ca6f7f14529017d26a91220
                                          • Opcode Fuzzy Hash: ab5a8dcf4dc89f914320821c9f1638529d7ca91f16983b73b8637eb3e60b6a5f
                                          • Instruction Fuzzy Hash: C1A1F436209BC586DB758F26E8543EEB7A1F788B88F448526DE8D47B98DF38C544CB40
                                          Function 00530230 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 249COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: atoi
                                          • String ID: -$`%z$gfff$iso8859-1
                                          • API String ID: 657269090-1302496062
                                          • Opcode ID: 794f014fe3f223505bd328d9395a517e16b59ae0e94b67e30ef5a1c9af2600fd
                                          • Instruction ID: 05841424757353a3bc13cf887e46a69781a703e7bb45ba6a2d291d7af0d137c6
                                          • Opcode Fuzzy Hash: 794f014fe3f223505bd328d9395a517e16b59ae0e94b67e30ef5a1c9af2600fd
                                          • Instruction Fuzzy Hash: C49106723047D486DF24DF29E4687BE3FA5F749B84F48A426DA8987394DB39C986C700
                                          Function 00590340 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 111stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcpy$memcpystrlen
                                          • String ID: `%z$index text
                                          • API String ID: 3796216942-51182388
                                          • Opcode ID: 5664fbf19f41eb9fbfbbe893df356a802d2865ebcf9dbf36bf02bca229cb7151
                                          • Instruction ID: 4a86ecd5222372722709c23d1312dbfc5c79bd5f89154207885708062f3c7b28
                                          • Opcode Fuzzy Hash: 5664fbf19f41eb9fbfbbe893df356a802d2865ebcf9dbf36bf02bca229cb7151
                                          • Instruction Fuzzy Hash: 74419C76315A808ACF10DF17E94965AABA1FB89FD8F548822EF8E47B54DE3DC445C700
                                          Function 00510150 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memset$strcmpstrcpystrlen
                                          • String ID: `%z
                                          • API String ID: 481343199-4021639927
                                          • Opcode ID: a7910091069c01c9d445d42c57562e2c4c51cdb87596cd811be47a7c02f5aff0
                                          • Instruction ID: cfa934d2fbb9ea6a359fec0837c9f72ce483699889a0414a6d943abb2c25a630
                                          • Opcode Fuzzy Hash: a7910091069c01c9d445d42c57562e2c4c51cdb87596cd811be47a7c02f5aff0
                                          • Instruction Fuzzy Hash: B2316D72301B9486EB909F16D898B9E3BA9FB88B98F058129DF4D07391DF7DC488C754
                                          Function 005842E0 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 70stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strcmp
                                          • String ID: value "$": must be $, or $`%z$bad
                                          • API String ID: 1004003707-3216011396
                                          • Opcode ID: c9666117556122a3bf0582e8d0b1707386d8dd8bf66d7e317e93f36c0761b295
                                          • Instruction ID: bc5c6772a4b88c5eef89c286f97160299b3103510b4fe51df74e6a8b6cc0adc5
                                          • Opcode Fuzzy Hash: c9666117556122a3bf0582e8d0b1707386d8dd8bf66d7e317e93f36c0761b295
                                          • Instruction Fuzzy Hash: 9C219D62704A4191EB11EF12EC44B9ABB64FB55FD8F888416EE0D57B18DF3CC586D740
                                          Function 006161D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 136stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strpbrk
                                          • String ID: *[?\$stderr$stdin$stdout
                                          • API String ID: 3024680390-836948674
                                          • Opcode ID: 974a7ef27c1bee43edd6e66e2abf91317d5fb30fc69c124d9e123b420b743e5b
                                          • Instruction ID: 67ebc623b30c283963e3e784eafb0efe487328eb89651913bcf2364e54abf585
                                          • Opcode Fuzzy Hash: 974a7ef27c1bee43edd6e66e2abf91317d5fb30fc69c124d9e123b420b743e5b
                                          • Instruction Fuzzy Hash: 7B41F06A301A8185EF249F22E9043EA6763FB85BC4F4C8629FE194B754EF7CD581C384
                                          Function 004E40A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: Handle
                                          • String ID: `%z
                                          • API String ID: 2519475695-4021639927
                                          • Opcode ID: 746b456c9110b1132ee9ea5269bc65699f283d9305fc677790a818d912066d18
                                          • Instruction ID: 26da7ab44d4494930a889f247908bc69556c9c83c61e8b834bdc62e7f9e020da
                                          • Opcode Fuzzy Hash: 746b456c9110b1132ee9ea5269bc65699f283d9305fc677790a818d912066d18
                                          • Instruction Fuzzy Hash: 3A11AB21B1DA8083DE154B3AAC4437E2391ABC1B62F584337EE2E837D0DF2CC846D206
                                          Function 005A0300 Relevance: 7.9, APIs: 1, Strings: 4, Instructions: 422COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (menu invoke)$ (menu preprocess)$Trying to activate an entry which doesn't exist.$`%z
                                          • API String ID: 0-51154598
                                          • Opcode ID: 8d227f655b1054c9bc7945ac5853e1f6b513c8d203c90ff95d83fa9a143b87ba
                                          • Instruction ID: f3db12b4c78b05f11ff2087b3a27e067efaba974d1af14acc7dd4136a6711a7b
                                          • Opcode Fuzzy Hash: 8d227f655b1054c9bc7945ac5853e1f6b513c8d203c90ff95d83fa9a143b87ba
                                          • Instruction Fuzzy Hash: 26026936221A8086DB24DF26D4887AE7B61F78AF98F099522DF4E07798DF38D845C750
                                          Function 005A4000 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 144COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf
                                          • String ID: `%z$wrong # coordinates: expected 0 or 4, got %d$wrong # coordinates: expected 4, got %d
                                          • API String ID: 590974362-1888294960
                                          • Opcode ID: 2761eec8df0c05a3455583f9b30e1bbc5138e56395f8abf13654acb511b49e66
                                          • Instruction ID: 4125653265ee6147d0d3c50b727e57873d5b11a9289713d101736a70c8f74d1a
                                          • Opcode Fuzzy Hash: 2761eec8df0c05a3455583f9b30e1bbc5138e56395f8abf13654acb511b49e66
                                          • Instruction Fuzzy Hash: 0E513676304B8485DB619F62E9087DEAB64F78AFC4F448022DF4E27B14DF39E5958B00
                                          Function 005A62F0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 113COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf
                                          • String ID: `%z$wrong # coordinates: expected 0 or 2, got %d$wrong # coordinates: expected 2, got %d
                                          • API String ID: 590974362-2527432530
                                          • Opcode ID: 6d54f96f179433f20b0d98e22e3e407d05eba914d218ef969fdf8a457f1f686e
                                          • Instruction ID: ad11691bed647aa0f4673e60b62029312560fd216a272299e4655416194720e9
                                          • Opcode Fuzzy Hash: 6d54f96f179433f20b0d98e22e3e407d05eba914d218ef969fdf8a457f1f686e
                                          • Instruction Fuzzy Hash: 51417862314A8095DB619F67ED48BED6B61F78AFE5F488223DE2D07B94CF28D446C700
                                          Function 006102E0 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 111COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf
                                          • String ID: ?-safe? ?--? ?path?$i_u$interp%d$option
                                          • API String ID: 590974362-1241021787
                                          • Opcode ID: 3cf7d5f6735c8a243f1bfa05bf8951119a0d9c415c0e00df71ec18e2fe6dd689
                                          • Instruction ID: f9f8b346cd95948abb0ad217bf4436e58bc201ec04a29c3ec119162925124a00
                                          • Opcode Fuzzy Hash: 3cf7d5f6735c8a243f1bfa05bf8951119a0d9c415c0e00df71ec18e2fe6dd689
                                          • Instruction Fuzzy Hash: 004123B230824086FF219F26E8113EA6B63B785BC4F5C4119DE5A4B745DBBCC5C2CB41
                                          Function 0063A030 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 103stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • expected versionMin-versionMax but got ", xrefs: 0063A0A6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strchr$memcpystrlen
                                          • String ID: expected versionMin-versionMax but got "
                                          • API String ID: 647414859-3694757844
                                          • Opcode ID: aab219d7f540f33ff675d5a77c4a7c407198336fd8c38f297c5064181765ed61
                                          • Instruction ID: 06e53281455366a79017b8107a05d5f5c7a775076de705be5b6a217170838b45
                                          • Opcode Fuzzy Hash: aab219d7f540f33ff675d5a77c4a7c407198336fd8c38f297c5064181765ed61
                                          • Instruction Fuzzy Hash: 2A21A73371128154EF59EF62AD06BEA4203AB88BE8F4C40359F4E47B01EE3CC885D381
                                          Function 0066E120 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 98COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: wsprintf
                                          • String ID: %lu$?channelId?$$v
                                          • API String ID: 2111968516-2514405362
                                          • Opcode ID: 4bd670b7780bc0d009c68f6c7b2329abd3dbb028aa6b7ca749be9fdafe3b315c
                                          • Instruction ID: b152e0dedc2d47cbc4db665902455b8771056df4b876721fbb27889cec1c216c
                                          • Opcode Fuzzy Hash: 4bd670b7780bc0d009c68f6c7b2329abd3dbb028aa6b7ca749be9fdafe3b315c
                                          • Instruction Fuzzy Hash: B0215632B1096051EFA4EB37AD12BAB5643BB86BC4F444129BD0E4BB01DD3EC5829744
                                          Function 004FA220 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 56COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sscanf
                                          • String ID: out of range$#%d$Column $`%z
                                          • API String ID: 3173990253-3418477807
                                          • Opcode ID: 0a656a821188ec692301a64334bb8d9544387d2895835e844efe731b6c6b8996
                                          • Instruction ID: e88cfd59f7c074952947801f53b501539f48902fa8f39e1b628bb0be91b2336c
                                          • Opcode Fuzzy Hash: 0a656a821188ec692301a64334bb8d9544387d2895835e844efe731b6c6b8996
                                          • Instruction Fuzzy Hash: 831157B6B09B8989DE11DB66E8843A92760F789FD4F488072DF4E47324DE3CD6A5C301
                                          Function 00600281 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • TclExecuteByteCode: abnormal return at pc %u: stack top %d < entry stack top %d, xrefs: 005FD2ED
                                          • TclExecuteByteCode execution failure: end stack top < start stack top, xrefs: 005FD300
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: __iob_funcfprintf
                                          • String ID: TclExecuteByteCode: abnormal return at pc %u: stack top %d < entry stack top %d$TclExecuteByteCode execution failure: end stack top < start stack top
                                          • API String ID: 620453056-803463824
                                          • Opcode ID: b991e19e3225182d6bb290d455e2eea6c4505cb4769423869ac711a98ce4f5e0
                                          • Instruction ID: 8084b422bc48045a4a461e24f4171013ee055177f821a21424645adc1b775a62
                                          • Opcode Fuzzy Hash: b991e19e3225182d6bb290d455e2eea6c4505cb4769423869ac711a98ce4f5e0
                                          • Instruction Fuzzy Hash: 52117C36208AC982DA22DB59F8443EEF731FB88799F044112DF8903A59CB7CD585CB95
                                          Function 00654120 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 112stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strlen$memcpy
                                          • String ID: Tcl_Concat: max size of Tcl value exceeded
                                          • API String ID: 3396830738-2399880552
                                          • Opcode ID: 6223d35c360942cd414f025c0c14d79b3fc7e408ea61b9c76d79295f2d7f304e
                                          • Instruction ID: fbbbc18d667667be535db5a9360fb736ceb16e62b85f4db4afd979ab5fcecf1a
                                          • Opcode Fuzzy Hash: 6223d35c360942cd414f025c0c14d79b3fc7e408ea61b9c76d79295f2d7f304e
                                          • Instruction Fuzzy Hash: AF31D862B0126101EB50EF72AC513FB1A8367A07C9F884079EE0E07385EE38C9CF8340
                                          Function 00576200 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf
                                          • String ID: %d %d$`%z$tk_textInvalidateLine
                                          • API String ID: 590974362-2169301199
                                          • Opcode ID: fb8e96842deb9fda7d690ca29b18b85b86f51724833cd94604ed8a77f002d2d0
                                          • Instruction ID: 8fcab7048d731db3e0f52fccfe5f958929b83b5aa964d313794cade017bef94c
                                          • Opcode Fuzzy Hash: fb8e96842deb9fda7d690ca29b18b85b86f51724833cd94604ed8a77f002d2d0
                                          • Instruction Fuzzy Hash: 0731C136B04E848ADB618F6AF8047997B60F389BD4F588121CF9E07360DF79D885C740
                                          Function 0066A2F0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 48COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: memcpysprintf
                                          • String ID: 8.5$lib/tcl%s
                                          • API String ID: 2854459516-1716964122
                                          • Opcode ID: cfbf18903040b8eac1d4722844a2e2b28d1272173a19d44f23ba8743c1ff1243
                                          • Instruction ID: 9bb45995055682814785cc2afccad275e2f9c7ddfec8550a8efdf5effac76f12
                                          • Opcode Fuzzy Hash: cfbf18903040b8eac1d4722844a2e2b28d1272173a19d44f23ba8743c1ff1243
                                          • Instruction Fuzzy Hash: F201F2B3701B8189EA01AF26EC067CD63A6AB85BD4F48C035EE0D4B305EA39D445CB80
                                          Function 005B6080 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 40stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: strlen
                                          • String ID: few$many$too %s arguments for math function "%s"
                                          • API String ID: 39653677-3319748253
                                          • Opcode ID: 977cc5c98b70798a41efbfe5602a3ec25e5c751605cd0ae269dd6cd2c70538d1
                                          • Instruction ID: 281b08723bfc15d9162844933f73715d6e01700b6111241edb7eddfa367dd10c
                                          • Opcode Fuzzy Hash: 977cc5c98b70798a41efbfe5602a3ec25e5c751605cd0ae269dd6cd2c70538d1
                                          • Instruction Fuzzy Hash: B5F07851B4964814EB01EB27A8087E86B45A785FC8FC88025DE0D07346EF2CCD49C341
                                          Function 004FE090 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 30COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: sprintf
                                          • String ID: 0x%p$`%z$tk_dialog
                                          • API String ID: 590974362-4228001868
                                          • Opcode ID: fa697f41ed77028ef966233d21652349344ef33778bec8a2e51db465c55c9029
                                          • Instruction ID: b395496061a4489cc22f99f1676648d08ba1f722652a29329bb6fa5b0369ad59
                                          • Opcode Fuzzy Hash: fa697f41ed77028ef966233d21652349344ef33778bec8a2e51db465c55c9029
                                          • Instruction Fuzzy Hash: C6F08272B48A8895EA129F17EC04BC92720F789BD5F888032DF4D17715DE3DD58AC300
                                          Function 0050C0D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • `%z, xrefs: 0050C0DA
                                          • num matched toplevel windows does not equal num children, xrefs: 0050C16B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: EnumWindows
                                          • String ID: `%z$num matched toplevel windows does not equal num children
                                          • API String ID: 1129996299-3512754414
                                          • Opcode ID: a628b5a40092de43951fecd37f43fd04311f22ecdbbeda35a330400bea0624e4
                                          • Instruction ID: db345678814428eb7fcf07cfad1cf67e58c38b4b6b6be8ffe29d50b6033d9792
                                          • Opcode Fuzzy Hash: a628b5a40092de43951fecd37f43fd04311f22ecdbbeda35a330400bea0624e4
                                          • Instruction Fuzzy Hash: D6212536214B45D2DB208F1AE98436E7B75F789BD0F488222DB9E037A4DF78C564C700
                                          Function 0059E240 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetMessagePos.USER32 ref: 0059E2A6
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504BE2
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504BEC
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504C01
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504C16
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504C27
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504C38
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504C49
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504C5B
                                            • Part of subcall function 00504BD0: GetKeyState.USER32 ref: 00504C6D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: State$Message
                                          • String ID: #$MenuSelect
                                          • API String ID: 2099557750-3642914969
                                          • Opcode ID: ffc05f48dc589ab237e6b8eaa8945061625e75280774b71c8096b649029d8642
                                          • Instruction ID: f4a646778d8ba5de78e9b7f747d8df684bff2315b1dc9ef7177964aed034b273
                                          • Opcode Fuzzy Hash: ffc05f48dc589ab237e6b8eaa8945061625e75280774b71c8096b649029d8642
                                          • Instruction Fuzzy Hash: C011D472909B4486EB10DF66F44831ABBA4F7C8758F548129AA8947768DB7DC0558F40
                                          Function 0059E1C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2968082651.00000000004E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                          • Associated: 00000000.00000002.2968043554.00000000004E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968266444.00000000006F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968281155.00000000006F4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968298515.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968315475.00000000006F7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968334705.00000000006FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968352527.00000000006FB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968369811.00000000006FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968388733.00000000006FE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968407979.0000000000706000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968430027.0000000000709000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968451740.000000000070A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968472398.000000000070B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968496484.000000000070D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968516784.000000000070E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968538834.000000000070F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968561919.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968629783.00000000007A1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968656246.00000000007A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968731166.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968747486.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.2968816648.00000000007D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4e0000_HammerDB-4.jbxd
                                          Similarity
                                          • API ID: DestroyWindow
                                          • String ID: `%z
                                          • API String ID: 3375834691-4021639927
                                          • Opcode ID: 000d325884cc2b5404d678cc68d7f4c5815afd308ac0e5d1a9885dbfc3e5166c
                                          • Instruction ID: 31c72f41586ab6423e54e17bc9d439af1dbb37e631a1fd58d99e779a389b1c73
                                          • Opcode Fuzzy Hash: 000d325884cc2b5404d678cc68d7f4c5815afd308ac0e5d1a9885dbfc3e5166c
                                          • Instruction Fuzzy Hash: 09F0F436708A84C1EB61DF26E8943986760F798F98F098026CE9D433A4DF78C989C300